- The Android security team partners with Mandiant FLARE on the upgrade
- The open-source binary analysis tool capa is being improved
- Gemini AI is also added to the mix
Google strengthens its Android security protections with new application security tools.
In a new blog post, Google's Lin Chen announced that the company's security and privacy team has partnered with Mandiant FLARE to improve the open-source binary analysis tool capa. The goal is to make the tool better at analyzing ELF ARM files, which are commonly used in Android malware.
Chen said the collaboration will help detect and highlight suspicious code behavior in native files, enabling faster malware analysis and decision-making, with the help of Gemini AI.
Detecting malware in ELF files
Describing how the new tooling works, Chen shared a case study of an illegal gambling application disguised as a music app. The application, found on the Google Play Store, secretly loaded gambling websites for users in specific regions. It used several anti-analysis techniques (hiding logic in a native ELF file, time-zone detection, and dynamically downloading and decrypting additional malicious code) to stay hidden in plain sight.
However, using static analysis with capa, Google's team identified these deceptive behaviors and removed the application.
capa detects malicious software capabilities in ELF files, and new rules have been developed specifically for Android, Chen said.
These rules identify behaviors such as ptrace API calls (anti-debugging), extraction of device and time-zone information via JNI, downloading and decrypting code, and use of Base64 and the Cipher API for encoding/encryption. This lets analysts quickly locate suspicious functions without having to wade through mountains of obfuscated code.
Google has also added Gemini AI to summarize the most suspicious functions highlighted by capa. The AI tool can produce risk assessments and information on obfuscation, anti-debugging and camouflage tactics, enabling faster and more efficient malware detection and rule writing.
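As an illustration of what such a rule looks like, here is an added example in capa's rule format; it is not one of the rules Google and Mandiant published, and the author, example hash and function offset are placeholders.

```yaml
rule:
  meta:
    name: detect ptrace anti-debugging in Android native code
    namespace: anti-analysis/anti-debugging/debugger-detection
    authors:
      - analyst@example.com   # placeholder, not the real rule authors
    scopes:
      static: function
      dynamic: call
    references:
      - https://man7.org/linux/man-pages/man2/ptrace.2.html
    examples:
      - placeholder-sha256:0x1000   # placeholder hash:function-offset of a known sample
  features:
    - and:
      # the native library resolves ptrace through libc, which capa
      # surfaces as an API feature when it parses the ELF dynamic symbols
      - api: ptrace
      # PTRACE_TRACEME (request 0) is the usual self-attach check; the
      # optional block documents the constant and shows it in the match
      # output without making the rule fail when the value is not found
      - optional:
        - number: 0 = PTRACE_TRACEME
```

Running `capa -vv` against the native library with this rule in the rules directory lists each function where the match occurs, which is the starting point for the Gemini summary step described below.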
“Equipped with the rapidly evolving Gemini, our analysts are able to spend less time on these sophisticated samples, minimizing exposure to malicious applications and guaranteeing the safety of the Android ecosystem,” concluded Chen.