{
	"id": "22fe121d-508c-4154-aaf8-426f50e16946",
	"created_at": "2026-04-06T15:54:22.759289Z",
	"updated_at": "2026-04-10T03:21:44.453585Z",
	"deleted_at": null,
	"sha1_hash": "2e0188e2706f3f56eeff3ecfc83819c3579a7abe",
	"title": "Rage against the virtual machine | Proceedings of the Seventh European Workshop on System Security",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41077,
	"plain_text": "Rage against the virtual machine | Proceedings of the Seventh\r\nEuropean Workshop on System Security\r\nBy Michalis Polychronakis, Columbia University\r\nArchived: 2026-04-06 15:47:01 UTC\r\nAbstract\r\nAntivirus companies, mobile application marketplaces, and the security research community, employ techniques\r\nbased on dynamic code analysis to detect and analyze mobile malware. In this paper, we present a broad range of\r\nanti-analysis techniques that malware can employ to evade dynamic analysis in emulated Android environments.\r\nOur detection heuristics span three different categories based on (i) static properties, (ii) dynamic sensor\r\ninformation, and (iii) VM-related intricacies of the Android Emulator. To assess the effectiveness of our\r\ntechniques, we incorporated them in real malware samples and submitted them to publicly available Android\r\ndynamic analysis systems, with alarming results. We found all tools and services to be vulnerable to most of our\r\nevasion techniques. Even trivial techniques, such as checking the value of the IMEI, are enough to evade some of\r\nthe existing dynamic analysis frameworks. 
We propose possible countermeasures to improve the resistance of\r\ncurrent dynamic analysis tools against evasion attempts.\r\nSource: http://dl.acm.org/citation.cfm?id=2592796",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"http://dl.acm.org/citation.cfm?id=2592796"
	],
	"report_names": [
		"citation.cfm?id=2592796"
	],
	"threat_actors": [],
	"ts_created_at": 1775490862,
	"ts_updated_at": 1775791304,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2e0188e2706f3f56eeff3ecfc83819c3579a7abe.pdf",
		"text": "https://archive.orkl.eu/2e0188e2706f3f56eeff3ecfc83819c3579a7abe.txt",
		"img": "https://archive.orkl.eu/2e0188e2706f3f56eeff3ecfc83819c3579a7abe.jpg"
	}
}