from the never-trust-malware dept.
wiredmikey writes "A group of researchers from Northwestern University and North Carolina State University tested ten of the most popular AV products on Android, and discovered that they were easily fooled by common obfuscation techniques.In a paper (PDF), the researchers said they tested AV software from several well-know security vendors. In order to evaluate the mobile security software, the researchers developed a tool called DroidChameleon, which applies transformation techniques to Android applications. Known malware samples were transformed to generate new variants that contain the exact malicious functions as before. These new variants were then passed to the AV products, and much to the surprise of the paper's authors, they were rarely flagged — if at all. According to the research, 43% of the signatures used by the AV products are based on file names, checksums or information obtained by the PackageManager API. This means that, as mentioned, common transformations will render their protection useless for the most part. For example, the researchers transformed the Android rootkit Droid Dream for their test. DroidDream is a widely-known and highly dangerous application. Yet, when it was transformed, every AV program failed to catch at least two variants."
"The urge to destroy is also a creative urge."
[ed. note - I would say: The urge to destroy may sometimes be a creative urge.]