The presentation discusses the current state of the art in Android anti-analysis techniques and how to overcome them.
- Malware developers are willing to sacrifice market share to avoid detection
- Anti-analysis techniques include encryption, anti-reverse engineering, and runtime environment checks
- The malware will not run if it detects an emulator or debugger
- The malware checks for specific system properties and architecture before running
- Regular expressions can be used to avoid depending on hard-coded addresses and registers
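To illustrate the last bullet, the following Python script is an added example (not code from the talk or its speaker): it locates a "compare with zero, then branch" idiom in two constructed, objdump-style ARM listings of the same routine compiled to different register choices and addresses. A pattern matcher that captures the register and address at match time keeps working across builds, where a script with `0xa3c6` and `r0` written into it would break. The listings, the `check_env`/`read_prop` labels and the instruction layout are assumptions made up for the example.

```python
import re
from typing import NamedTuple, Optional

# Constructed objdump-like ARM listings (not from the talk). Both contain the
# same idiom, a call result compared with zero followed by a conditional
# branch, but the compiler chose different registers and addresses.
LISTING_A = """\
0000a3c0 <check_env>:
    a3c0:  push {r4, lr}
    a3c2:  bl   a410 <read_prop>
    a3c6:  cmp  r0, #0
    a3c8:  beq  a3e0 <check_env+0x20>
    a3ca:  movs r0, #1
"""

LISTING_B = """\
0000b120 <check_env>:
    b120:  push {r4, r5, lr}
    b124:  bl   b200 <read_prop>
    b128:  mov  r4, r0
    b12a:  cmp  r4, #0
    b12c:  bne  b150 <check_env+0x30>
    b12e:  movs r0, #0
"""

# One instruction line: "<addr>:  <mnemonic>  <operands>"
LINE_RE = re.compile(r"^\s*(?P<addr>[0-9a-f]+):\s+(?P<mnem>[a-z.]+)\s*(?P<ops>.*)$")
# Operands of a compare against the immediate zero; the register is captured, not fixed.
CMP_ZERO_RE = re.compile(r"^(?P<reg>r\d+|sb|sl|fp|ip),\s*#0$")
# A beq/bne with its hex target.
COND_BRANCH_RE = re.compile(r"^b(?P<cond>eq|ne)\s+(?P<target>[0-9a-f]+)")


class ZeroCheck(NamedTuple):
    cmp_addr: int
    branch_addr: int
    reg: str
    cond: str
    target: int


def parse_listing(listing: str):
    """Yield (address, mnemonic, operands) for each instruction line, skipping labels."""
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m["addr"], 16), m["mnem"], m["ops"].strip()


def find_zero_check(listing: str, window: int = 2) -> Optional[ZeroCheck]:
    """Return the first 'cmp <reg>, #0' followed within `window` instructions by a
    beq/bne. Register and addresses come from the match, so the same function
    works on both listings without edits."""
    insns = list(parse_listing(listing))
    for i, (addr, mnem, ops) in enumerate(insns):
        if mnem != "cmp":
            continue
        c = CMP_ZERO_RE.match(ops)
        if not c:
            continue
        for baddr, bmnem, bops in insns[i + 1:i + 1 + window]:
            b = COND_BRANCH_RE.match(f"{bmnem} {bops}")
            if b:
                return ZeroCheck(addr, baddr, c["reg"], b["cond"], int(b["target"], 16))
    return None


if __name__ == "__main__":
    for name, listing in (("A", LISTING_A), ("B", LISTING_B)):
        hit = find_zero_check(listing)
        print(name, hit and f"cmp {hit.reg},#0 at {hit.cmp_addr:#x}, b{hit.cond} -> {hit.target:#x}")
```

The `window` argument absorbs an instruction the compiler may insert between the compare and the branch (listing B has none, but a `mov` precedes its compare); widening it trades precision for robustness, so keep it as small as the code you are studying allows.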
The speaker spent several days unpacking a packed unpacker and discovered the malware's sophisticated anti-analysis techniques. The malware developers were willing to miss out on potential targets if it meant avoiding detection. The malware used encryption, anti-reverse engineering, and runtime environment checks to prevent analysis. The speaker also used regex to get around hard-coded addresses and registers.
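Because the sample refuses to run when it recognises an emulator or debugger from system properties and architecture, an analyst's first job is to know which of those signals their own sandbox exposes. The following Python script is an added example (not code from the talk): it parses `getprop`-style output and lists the well-known emulator and debug indicators present, so the environment can be adjusted before the sample is executed. The property dump is constructed for the example, and the indicator table is a generic assumption about what such checks commonly look at, not a list taken from the talk or from any specific sample.

```python
import re
from typing import List, Tuple

# Constructed `getprop` output in its "[key]: [value]" form (not from the talk).
SANDBOX_PROPS = """\
[ro.hardware]: [ranchu]
[ro.kernel.qemu]: [1]
[ro.product.model]: [Android SDK built for x86]
[ro.product.manufacturer]: [Google]
[ro.product.cpu.abi]: [x86]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
"""

PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]:\s*\[(?P<value>[^\]]*)\]$")

# (property, predicate on its value, reason). Assumed generic indicators, not the
# talk's own list. Each one is something a real handset would normally not show.
INDICATORS = [
    ("ro.kernel.qemu", lambda v: v == "1", "QEMU kernel flag set"),
    ("ro.hardware", lambda v: v in ("goldfish", "ranchu"), "emulator hardware name"),
    ("ro.product.model", lambda v: "sdk" in v.lower() or "emulator" in v.lower(), "SDK/emulator model string"),
    ("ro.product.cpu.abi", lambda v: v.startswith("x86"), "x86 ABI, uncommon on handsets"),
    ("ro.build.tags", lambda v: v == "test-keys", "test-keys build"),
    ("ro.debuggable", lambda v: v == "1", "debuggable build"),
    ("ro.secure", lambda v: v == "0", "adb runs as root"),
]


def parse_getprop(text: str) -> dict:
    """Turn getprop's bracketed lines into a dict; malformed lines are ignored."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m["key"]] = m["value"]
    return props


def audit_sandbox(text: str) -> List[Tuple[str, str, str]]:
    """Return (property, value, reason) for every indicator the dump exposes."""
    props = parse_getprop(text)
    findings = []
    for key, predicate, reason in INDICATORS:
        value = props.get(key)
        if value is not None and predicate(value):
            findings.append((key, value, reason))
    return findings


if __name__ == "__main__":
    for key, value, reason in audit_sandbox(SANDBOX_PROPS):
        print(f"{key} = {value!r}: {reason}")
```

Run it against the real `adb shell getprop` output of the analysis device; every line it prints is a property the sample may read, and an analyst can then decide which ones to change, or which checks to neutralise with a hook, before spending days on a run that ends at the environment check.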