EVADES · Evasion-aware Detection Sandbox

Mobile malware is getting harder and harder to detect. This is one of the reasons why malicious apps regularly appear on the official Play Store, despite the considerable effort Google and the security industry put into early detection and validation of each application. To mitigate this problem, EVADES aims to combine a number of novel techniques developed as part of the ERC BitCrumbs project into the first evasion-resilient, scalable, and maintainable sandbox to analyze Android applications. Our current prototype outperforms all open-source and commercial competitors, showing a significant technological advantage over the current market. We already performed preliminary experiments and the results we obtained are as worrisome for users as they are encouraging to justify a business idea. In fact, 70% of the Android malware we tested with our technology implemented some form of evasion targeting existing malware analysis tools. This shows that the data we are using today to decide whether applications are benign or malicious is completely unreliable.The EVADES project will focus on transforming our prototype server-side component into production software, developing the missing client-side components required to produce an MVP, and exploring different ways we could sell and monetize our technology. We are certain that our solution has the potential to revolutionize the Android security market by providing a more accurate and scalable way to collect information about the behavior of applications. This is paramount for any mobile security solution, as well as for existing and future machine learning-based approaches that today struggle to use the unreliable information provided by existing dynamic analysis systems.