AVPASS is a tool for leaking the detection model of Androidmalware detection systems (i.e., antivirus software), and bypassing their detection logics by using the leaked information coupled with APK obfuscation techniques. AVPASS is not limited to detection features used by detection systems, and can also infer detection rules so that it can disguise any Androidmalware as a benign application by automatically transforming the APK binary. To prevent leakage of the application logic during transformation, AVPASS provides an Imitation Mode that allows malware developers to safely query curious detection features without sending the entire binary.
AVPASS offers several useful features to transform any Androidmalware so it can bypass anti-virus software. Below are the main features AVPASS offers:
- APK obfuscation with more than 10 modules
- Feature inference for the detection system by using individual obfuscation
- Rule inference of the detection system by using the 2k factorial experiment
- Targeted obfuscation to bypass a specific detection system
- Safe query support by using Imitation Mode
- Bypassing API-, Dataflow-, Interaction-based detection systems
- Inferring and Bypassing AVs through VirusTotal
Running & Docs
More documentation is available in docs/README.md.
Authors
These are the list of contributors for implementing AVPASS:
- Jinho Jung
- Chanil Jeon
- Max Wolotsky
- Insu Yun