AndroTracker: Creator Information based Android Malware Classification System

Thousands of malicious applications targeting mobile devices, including the popular Android platform, are created every day. A large number of those applications are created by a small number of professional underground actors, however previous studies overlooked such information as a feature in detecting and classifying malware, and in attributing malware to creators. Guided by this insight, we propose a method to improve on the performance of Android malware detection by incorporating the creator’s information as a feature and classify malicious applications into similar groups. We developed a system called AndroTracker that implements this method in practice. AndroTracker enables fast detection of malware by using creator information such as serial number of certificate. Additionally, it analyzes malicious behaviors and permissions to increase detection accuracy. AndroTracker also can classify malware based on similarity scoring. Finally, AndroTracker shows detection and classification performance with 99% and 90% accuracy respectively.