Many different methods of mobile malware detection are currently in use or under development, including:

•  Signature-based malware detection: A pattern-matching approach taken by many commercial antivirus solutions. The scanner searches a program's code for a known sequence of bytes in order to identify and report malicious code, or it compares file hash values against those of known bad files.

•  Specification-based malware detection: Makes use of a set of rules for what is considered “normal” activity to determine the maliciousness of programs that violate the predefined rule set.

•  Behavioral-based detection: Goes beyond surface scanning to identify the malware’s actions. This approach generates a database of malicious behaviors by studying several families of malware on a target operating system, and uses it to distinguish a malicious program from normal application behavior. Behavioral-based detection systems are capable of detecting metamorphic malware that keeps reproducing.

•  Data mining detection: Detects patterns in large amounts of data, such as bytecode, and uses these patterns to detect future instances in similar data.

•  Cloud-based malware detection: Performed by services such as Google Bouncer, which automatically scans applications on the Google Play Store for malware. As soon as an application is uploaded, Bouncer checks it and compares it to other known malware, trojans, and spyware. Every application is run in a simulated environment to see if it will behave maliciously on an actual device. Google Play can remotely uninstall applications in the event that an installed app is later found to be malicious.
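The signature-based approach from the first bullet, as an added example that is not part of the original text or of any vendor's scanner: it checks each file under an extracted directory against both a byte-sequence signature and a known-bad SHA-256 hash. The signature name, byte pattern, and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database (illustrative values, not real malware signatures).
BYTE_SIGNATURES = {"Demo.Trojan.A": b"\xde\xad\xbe\xefEVIL_PAYLOAD"}
KNOWN_BAD_SHA256 = {}  # hex digest -> name; populated by build_sample_tree()

def scan_file(path, chunk_size=4096):
    """Return a sorted list of (kind, name) signature hits for one file."""
    hits, digest, tail = set(), hashlib.sha256(), b""
    overlap = max(len(s) for s in BYTE_SIGNATURES.values()) - 1
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            digest.update(chunk)
            window = tail + chunk  # carry bytes over so patterns spanning chunks match
            for name, pattern in BYTE_SIGNATURES.items():
                if pattern in window:
                    hits.add(("bytes", name))
            tail = window[-overlap:] if overlap else b""
    if (name := KNOWN_BAD_SHA256.get(digest.hexdigest())):
        hits.add(("hash", name))
    return sorted(hits)

def scan_tree(root):
    """Scan every regular file under root; return {relative_path: hits}."""
    results = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and (hits := scan_file(p)):
            results[p.relative_to(root).as_posix()] = hits
    return results

def build_sample_tree(root):
    """Write constructed sample files standing in for an extracted partition."""
    root = Path(root)
    original = b"A" * 4090 + BYTE_SIGNATURES["Demo.Trojan.A"] + b"B" * 100
    KNOWN_BAD_SHA256[hashlib.sha256(original).hexdigest()] = "Demo.Trojan.A"
    (root / "app").mkdir()
    (root / "app" / "known.bin").write_bytes(original)
    (root / "app" / "variant.bin").write_bytes(original + b"\x00")  # hash no longer matches
    (root / "notes.txt").write_bytes(b"benign content")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_tree(tmp)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

The file `variant.bin` differs from the known sample by one trailing byte, so only the byte-sequence signature flags it; a file matching neither kind of signature is not reported at all.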

Physical Analyzer can be used to scan for mobile malware using Bitdefender’s malware signatures. By clicking the blue shield in the Tools dropdown, you can open the malware detection wizard inside Cellebrite Physical Analyzer.

The first time you run the malware scanner in Physical Analyzer, you need to download the signature database from the website. Physical Analyzer prompts you through the steps to install the malware signature database.

The database can be installed locally or via the internet. Remember, your malware scanner is only as good as your latest signatures. Make sure to update regularly.


Once you install the malware database, you are prompted to choose the partition or file you want to scan. Select it by checking its box, then click the Scan button.

Once you click the Scan button, scanning begins in the background. You can watch the scan progress in the left pane of Physical Analyzer, and you can continue to work in Physical Analyzer as the scan progresses. Once complete, results appear in the tree pane on the left.