Polymorphic Android malware requires HIPS analysis

Mobile application morphing isn’t something we have heard of on mobile platforms; however, I did read an article on some recent developments. I suspect malware writers are developing mobile apps that automatically modify themselves on download and that continue to be re-engineered on a daily basis, which involves changing the file signature and manifest files on a regular basis. Polymorphic malware apps can also change malicious URL redirects and PRS numbers in the database on a daily basis, so there is an element of intelligence here.

So what about app permission controls? All apps need permissions, so even if one of these apps was installed, a user could deny all app permissions to connect, including sending an SMS or making a silent PRS call. Is this actually true? I know it isn’t true – see the forensics video below from our good friend Thomas Cannon.
