DroidMorph: Are We Ready to Stop the Attack of Android Malware Clones?. (arXiv:2106.09218v1 [cs.CR])

The number of Android malware variants (clones) are on the rise and, to stop
this attack of clones we need to develop new methods and techniques for
analysing and detecting them. As a first step, we need to study how these
malware clones are generated. This will help us better anticipate and recognize
these clones. In this paper we present a new tool named DroidMorph, that
provides morphing of Android applications (APKs) at different level of
abstractions, and can be used to create Android application (malware/benign)
clones. As a case study we perform testing and evaluating resilience of current
commercial anti-malware products against attack of the Android malware clones
generated by DroidMorph. We found that 8 out of 17 leading commercial
anti-malware programs were not able to detect any of the morphed APKs. We hope
that DroidMorph will be used in future research, to improve Android malware
clones analysis and detection, and help stop them.