Google’s Android security team is collaborating with Mandiant FLARE to extend the capa open-source binary analysis tool to ARM ELF files, the native binaries commonly found in Android malware. Combined with Gemini AI, the partnership aims to improve the detection of suspicious code behaviors in native files, speeding up malware analysis and the decisions that follow from it.
In a recent case study, Google’s Lin Chen showed how these tools uncovered an illegal gambling app masquerading as a music app on the Google Play Store. Static analysis with capa exposed the app’s deceptive techniques, including hiding key functions, dynamically downloading code, and decrypting malicious code at runtime, and the app was removed as a result. Android-specific capa rules developed by Chen identify anti-debugging measures, data extraction methods, and encryption of malicious code, making suspicious functions faster to spot.
Gemini AI adds a further layer by providing risk-level assessments and insights into obfuscation tactics, enabling quicker and more effective malware detection and response. With these tools, Google’s analysts can more efficiently counter sophisticated threats, protecting the Android ecosystem from malicious apps and its users from harm.