- Android's security team collaborates with Mandiant FLARE to upgrade capa
- The capa open-source binary analysis tool gains new Android-focused rules
- Gemini AI is also in the mix
Google bolsters its Android security protections with new app analysis tools.
In a new blog post, Google's Lin Chen announced that the company's Android Security and Privacy Team is collaborating with Mandiant FLARE to improve capa, the open-source binary analysis tool. The goal is to make the tool better at analyzing the ARM ELF files that are frequently used in Android malware.
Chen said the collaboration will help identify and highlight suspicious code behaviour in native files, enabling faster malware analysis and decision-making with the help of Gemini AI.
Detecting Malware in ELF
To describe how the new tooling works, Chen shared a case study of an illegal gaming app disguised as a music app. The app, found on the Google Play store, secretly loaded gaming sites for users in specific regions. It used several anti-analysis techniques (hiding key functionality in a native ELF file, time-zone detection, and dynamically downloading and decrypting additional malicious code) to hide in plain sight.
However, by combining static analysis with capa, Google's team identified these deceptive behaviours and successfully removed the app.
capa detects malware capabilities in ELF files, and new rules have been developed specifically for Android, Chen explained.
These rules identify behaviours such as ptrace API calls (anti-debugging), retrieval of device and time-zone information via JNI, downloading and decrypting code, and use of the Base64 and Cipher APIs for encoding and encryption, allowing analysts to quickly triage obfuscated code.
Google also added Gemini AI to summarize the most suspicious capabilities highlighted by capa. The AI can assess the risk level and provide insight into obfuscation, anti-debugging and connectivity tactics, enabling faster and more efficient malware detection and rule writing.
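To make the kind of rule described above concrete, here is an added example of what capa rules for these native Android behaviours can look like. These are illustrative rules written for this article, not the rules Google or Mandiant FLARE actually shipped; the rule names, the author placeholder, and the choice of JNI class strings are assumptions, and in practice capa keeps one rule per YAML file rather than a single multi-document listing as shown here.

```yaml
# Added example: illustrative capa-style rules for native Android (ARM ELF) behaviours.
# Not the rules from the capa-rules repository or from Google's blog post.

# Rule 1: debugger detection via ptrace in a native library.
# Scope is "function" so the hit points the analyst at the exact routine.
rule:
  meta:
    name: detect debugger via ptrace in native library    # assumed name
    namespace: anti-analysis/anti-debugging/debugger-detection
    authors:
      - analyst@example.invalid                          # placeholder author
    scopes:
      static: function
      dynamic: call
    examples: []                                         # no sample hashes supplied here
  features:
    - and:
      - format: elf
      - api: ptrace
      # PTRACE_TRACEME (request 0) is the classic "refuse to be traced" self-check;
      # marked optional so the rule still matches other ptrace-based checks.
      - optional:
        - number: 0 = PTRACE_TRACEME
---
# Rule 2: native code reaching back into Java APIs through JNI.
# JNI lookups carry the fully qualified class name as a string in the ELF,
# which is why string features are enough to surface these behaviours.
rule:
  meta:
    name: reference Base64, Cipher or TimeZone classes via JNI   # assumed name
    namespace: data-manipulation/encoding
    authors:
      - analyst@example.invalid                          # placeholder author
    scopes:
      static: function
      dynamic: call
    examples: []
  features:
    - and:
      - format: elf
      - or:
        - api: FindClass                                 # JNIEnv->FindClass
        - api: GetStaticMethodID
        - api: GetMethodID
      - or:
        - string: "android/util/Base64"                  # Base64 encode/decode
        - string: "javax/crypto/Cipher"                  # payload decryption
        - string: "java/util/TimeZone"                   # region-based targeting
```

Running `capa` with a rules directory containing these files against a suspect `.so` would report each matched rule next to the function address where it fired. The time-zone string is grouped with the encoding classes deliberately: on its own it is benign, but an analyst seeing it alongside Cipher usage in the same native library has a strong lead for the region-gating and payload-decryption behaviour described in the case study.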
“Equipped with the rapidly developing Gemini, our analysts are able to spend less time on the sophisticated samples, minimizing the exposure to malicious apps and ensuring the security of Android ecosystems,” Chen concluded.