Analysis exposes the lengths malware authors will go to in order to protect their code from disassembly and reverse engineering.
A malware sample that had code in all the wrong places piqued Maddie Stone’s curiosity. So she dug into the sample and emerged many hours later with a description of a complex anti-analysis library that threat actors are using to, among other things, give new life to old threats.
“I came across this app that had a native code library, which is not that common in the Android security space where I was doing the malware analysis,” says Stone, a security engineer for Google Android security. “It was strange compared to all the other ones I’ve looked at before — nothing looked where it should have been.”