Android emulated environment for malware testing


LabZero

Guest
#1
Hello everyone

Today there are more and more issues concerning mobile security. In addition to the growing number of smartphones purchased, the number of apps downloaded by each user is growing, along with the possibility of downloading apps infected with malware or viruses. In particular, Android malware is the subject of several studies by researchers, but has not yet received proper attention from users. Users are not aware of the risks related to the installation of applications and don't pay attention to the permissions they require. Malicious application developers take advantage of various social engineering techniques to get malware installed on users' devices. The most common technique is to distribute free versions of popular, usually paid apps on alternative Android markets, which will certainly entice users who don't pay attention to security. Another technique is to leverage the update of an application that is initially not malicious, by including in it an update component that will download the malicious payload at runtime. The main goals of the criminals who design this malware range from "privilege escalation" (trying to get administrative rights on the device) to remote control, financial charges by sending SMS to premium numbers, or the collection of personal information.

So I thought of introducing another level of analysis in our Malware Hub: the installation of an Android emulator to test specific APK malware for Android antivirus testing, so it is possible to test malware and Android antivirus in specific and better conditions.

Anyone who wants to test Android malware in an emulated environment can install MEmu.

The MEmu emulator needs the user's current Windows platform, on which it can start running Android on your desktop with a (shared) internet connection.
Users can also customize certain details such as CPU, root mode, display resolution, memory size and a whole lot more.
Other highlights include file sharing between Android and Windows and, for our purpose, quick APK installation through drag and drop.

I then installed MEmu on my Windows 7 x64bit on Shadow Defender without problems and I downloaded and installed an APK malware, testing it with Avast Mobile Security.

I highly recommend installing MEmu in a VM, because it's known that Android malware could infect Windows, and on the MEmu interface you can see shared folders.

Everyone can decide whether to use MEmu or install another emulator of their choice, and I hope this thread will be useful for our malware/anti-malware testers.

MEmu installation and UI


Import APK in MEmu


APK malware and Avast MS detection

Antivirus scan for 80612fe193401626268553c54a865e67b76311e782005ede2ba7a87a5d637420 at 2016-01-27 17:24:57 UTC - VirusTotal


Of course feel free to add suggestions and improvements in this thread! :)
 
Oct 16, 2015
909
5,661
Operating System
Windows 10
Installed Antivirus
Comodo
#2
Excellent tutorial! It outlines every necessary step required for anyone to begin malware testing on Android!

A little note, though, Bluestacks is supposed to emulate the Android runtime environment to run Android apps on PC - it is not designed to emulate an entire Android OS.
 
Oct 16, 2015
909
5,661
Operating System
Windows 10
Installed Antivirus
Comodo
#5
Emulate something inside a VM?
@Klipsch: Are you using a nuclear-powered computer?
Android is not really that heavy to emulate, even from within a VM.
If you have capable hardware, you can also do a GPU passthrough for optimal native performance output from the VM, so it feels like it's a physical machine. :p
 

Rishi

Level 19
Verified
Dec 3, 2015
910
8,105
Operating System
Windows 10
Installed Antivirus
Webroot
#8
I am running 2 emulators, BlueStacks and Andy, on another machine and tried the new Remix OS; unfortunately it didn't work. Now Remix OS inside a VM would not be a big deal if it can just boot. MEmu looks great though.
 