Georgia Tech researchers have developed an Android malware-obfuscation tool that bypassed almost all of the 58 Android antivirus applications they tested.
The so-called AVPass toolkit has three parts: a query function that probes an Android AV app's detection capabilities, a malware variant generator that produces numerous variations of a sample, and a data analyzer that interprets the probe results and uses them to craft variants that slip past the AV applications on mobile devices.
The researchers intend to present the toolkit at Black Hat USA in Las Vegas next week, in a session titled "AVPass: Leaking and Bypassing Antivirus Detection Model Automatically".
“AVPass is meant to make sure whatever malware you’re sending cannot be screened by antivirus,” says Max Wolotsky, a researcher at Georgia Tech. “The entire goal of AVPass is if you scan malware on either VirusTotal or another AV program, it can’t be identified,” Wolotsky explains.
So far, of all the popular and lesser-known AV programs offered online for free, only AhnLab's and WhiteArmour's products have stopped AVPass-generated samples in most cases.
“We can’t say for sure that we can bypass the other 56 AVs 100% of the time; however, in our tests we were almost always able to do so,” Wolotsky claims. On average, AVPass-generated apps were detected by AV only six percent of the time, the researcher continues.
Wolotsky and his colleagues learned a few more things about Android AV programs in the course of the project. Among them: the more complex an AV program's detection rules are, the better it is at catching malware, because a variant has to hide more features at once to evade it.
According to Wolotsky, AV vendors can defend against an AVPass-type attack by classifying AVPass itself as malicious. They can also rate-limit their scanning tools and return “null” responses to repeated queries, so that the attack cannot glean any intel about the AV program's capabilities.
AVPass works by submitting a series of probe variants, each carrying only a snippet of the malware's features, so that the complete sample is never exposed to the AV during the reconnaissance phase. With the resulting picture of the detection rules in hand, it then obfuscates the real malware accordingly.
“We found that most AVs commonly use a fixed number of detection rules,” Max Wolotsky says. “For instance, a weak AV can be bypassed only after one feature obfuscation.”
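The probe-then-obfuscate loop described above, and the rate-limit defense Wolotsky mentions, as an added toy simulation (this is illustrative code written for this article, not AVPass's own code, and the rule-based scanner model, the feature names and the thresholds are all invented assumptions):

```python
"""Toy model of the AVPass idea: leak a scanner's fixed detection rules by
submitting feature snippets, then obfuscate only the features those rules
key on. Hypothetical scanner and features; not AVPass's implementation."""
from itertools import combinations

# Constructed sample: static features a scanner might extract from an APK.
MALWARE_FEATURES = frozenset({
    "perm:SEND_SMS", "perm:READ_CONTACTS", "api:SmsManager.sendTextMessage",
    "api:Runtime.exec", "str:http://c2.example.invalid",
})

# Hypothetical scanner rules: a rule fires when all of its features are present.
RULES = [
    {"perm:SEND_SMS", "api:SmsManager.sendTextMessage"},   # SMS-sending pattern
    {"str:http://c2.example.invalid"},                      # known C2 indicator
]


class FixedRuleAV:
    """Scanner with a fixed, finite set of conjunctive rules (assumed model)."""

    def __init__(self, rules):
        self.rules = [frozenset(r) for r in rules]

    def is_malicious(self, features):
        return any(rule <= features for rule in self.rules)


class RateLimitedAV(FixedRuleAV):
    """Defense from the article: after `limit` queries the scanner answers
    None ("null") instead of a verdict, so probing stops leaking information."""

    def __init__(self, rules, limit):
        super().__init__(rules)
        self.limit = limit
        self.queries = 0

    def is_malicious(self, features):
        self.queries += 1
        if self.queries > self.limit:
            return None
        return super().is_malicious(features)


def leak_rules(av, features, max_rule_size=2):
    """Recon phase: submit small feature subsets (never the whole sample) and
    record the minimal subsets that trigger detection. Returns (triggers,
    completed); completed is False if the oracle went silent."""
    triggers = []
    for k in range(1, max_rule_size + 1):
        for combo in combinations(sorted(features), k):
            snippet = frozenset(combo)
            if any(t <= snippet for t in triggers):
                continue  # superset of a known trigger: no new information
            verdict = av.is_malicious(snippet)
            if verdict is None:
                return triggers, False  # rate-limited: leak is incomplete
            if verdict:
                triggers.append(snippet)
    return triggers, True


def obfuscate(features, triggers):
    """Bypass phase: hide one feature from each leaked rule. In a real APK this
    would be string encryption or reflection; here it is modelled as renaming.
    Returns (modified_features, hidden_features)."""
    hidden = set()
    for t in triggers:
        if not (t & hidden):          # rule not yet broken by an earlier choice
            hidden.add(min(t))        # deterministic pick of one feature to hide
    modified = frozenset(("obf:" + f) if f in hidden else f for f in features)
    return modified, hidden


if __name__ == "__main__":
    av = FixedRuleAV(RULES)
    triggers, done = leak_rules(av, MALWARE_FEATURES)
    evaded, hidden = obfuscate(MALWARE_FEATURES, triggers)
    print("leaked rules:", [sorted(t) for t in triggers], "complete:", done)
    print("hid", sorted(hidden), "-> detected:", av.is_malicious(evaded))
    limited = RateLimitedAV(RULES, limit=3)
    print("against rate-limited AV:", leak_rules(limited, MALWARE_FEATURES))
```

Against the two-rule scanner the probe loop needs only a handful of snippet queries to recover both rules, and hiding one feature per rule is enough to evade it; against a scanner with a single one-feature rule (the "weak AV" in the quote) a single obfuscation suffices. The rate-limited variant cuts the loop off after three queries, before any rule has leaked, so the same obfuscation step has nothing to work with.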
The AVPass project is one of several research initiatives into vulnerabilities in machine learning algorithms. The broader aim of this line of work is to study how attackers could manipulate machine learning systems and compromise customized news feeds, search engines, security analytics, fraud detection, facial and voice recognition, and similar applications.
Wolotsky's team began work on AVPass by exploring how antivirus tools classify malware and determining which machine-learning techniques the AV programs employ. The researchers' ultimate goal is to find ways for these AV programs to stop malware before it reaches its target.