2Faces: a new model of malware based on dynamic compiling and reflection
Author: | Francesco Mercaldo, Fabio Martinelli, Antonella Santone, Giovanni Lacava, Marco Russodivito, Rosangela Casolare |
---|---|
Year of publication: | 2021 |
Subject: | Android; Dynamic compiling; Dynamic loading; Malware; Reflection; Security; Virus; Software_OPERATINGSYSTEMS; Source code; Reflection (computer programming); Exploit; Computer science; Computer security; Normal flow; Need to know; Computer Science (miscellaneous); Signature (logic); ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; Computational Theory and Mathematics; Hardware and Architecture; Android application; Software |
Source: | Computer (Long Beach Calif. Print) 17 (2021). doi:10.1007/s11416-021-00409-8 |
ISSN: | 2263-8733 |
Description: | Nowadays malware writers are continually striving to find new ways to evade antimalware checks. To do this, they exploit the vulnerabilities of current antimalware that are unable to detect zero-day threats, because to detect malicious behavior, they need to know their signature, which must be stored in the database: to be recognized, a malware must already be widespread. In this paper we propose a novel malware model with the aim of promoting the development of innovative malware detection paradigms. The proposed model is based on the combination of the following mechanisms: dynamic compiling, reflection and dynamic loading, to combine a series of source code snippets into a running application and dynamically alter the normal flow of program execution. We implemented the proposed malware model into the 2Faces Android application. We also show that current antimalware technologies are not able to identify the proposed malware model and we discuss the countermeasures that can be adopted to detect the 2Faces malware. |
Database: | OpenAIRE |