Security researchers demonstrated a powerful Android hacking tool called AVPASS that is able to evade detection by almost all mobile antivirus software. A mass demonstration is scheduled at the annual Black Hat USA conference during the briefings that are going to take place on July 27 and 27.
The AVPASS Android Hacking Tool Demonstrates Stealth Protection
The annual Black Hat USA security conference presents some of the newest security protection tactics and new types of attacks. A team of security engineers has scheduled a talk about a new Android hacking tool called AVPASS that demonstrates an almost complete antivirus detection evasion. According to the available information, the utility has been tested using the standard VirusTotal suite.
The AVPASS hacking tool follows an algorithmic behavior pattern:
- Once launched, AVPASS immediately scans for a wide array of available anti-virus signatures. This is done by engaging a built-in module that contains the full heuristic descriptions of almost all anti-virus products.
- The next step uses a designer malware generator that is able to craft multiple variants of a single virus. Depending on the hacker configuration, this step can include a single or multiple Android virus families to provoke the anti-viruses into launching their real-time engines.
- A data analyzer carefully monitors the actions of the anti-virus products and based on their behavior bypasses the protection.
Effectively, the victims of the AVPASS Android hacking tool may see that malware has been detected and removed (or quarantined) as a generic virus. In the meantime, it is possible that an AVPASS Android malware instance has been deployed to the victim device. One of the most worrisome facts is that the victims have no way of discovering if their device has been infected. The attack module does not present any signs to the users; only a careful security review may reveal AVPASS presence.
The AVPASS Android Hacking Tool Is Useful to the Security Community
AVPASS is a tool made by security researchers, not hackers. This showcases the fact that the research community is aiming to improve the current landscape. We have reported numerous times that advanced malware and botnet infections have caused millions of devices to become victims of hackers. The toolkit reveals key weaknesses that have been used to exploit actual devices. Once the software is released to the wider audience we expect to see a much improved array of antivirus products available for Google’s mobile operating system.
The associated anti-virus products were found to contain a major weakness: a large part of them utilize a common list of detection rules. This allows the AVPASS hacking tool and other related malware to bypass detection by implementing a single feature obfuscation tactic. The team behind the project is involved in researching security vulnerabilities and machine learning algorithms. The tool is part of a large research project that studies how hackers can disrupt anti-virus mechanisms and other cyber security protection means.