NQ Mobile Details New Android Malware Detection Method

As cybercriminals crank out massive amounts of malware on a daily basis, identifying, analyzing and classifying malware is a challenge, and one that needs to be met using automation. This is nothing new for traditional anti-virus vendors, but something mobile security firms are still developing tools for.

This week, mobile security vendor NQ Mobile said that it has devised a new way to detect mobile threats without relying on known malware samples and their signatures.

The tool, which the company calls “RiskRanker”, is an analysis system that can automatically detect whether a particular app exhibits malicious behavior. The company claims RiskRanker differs from other malware tools by identifying apps with risky behavior while they are in the app market and before they make their way to a user’s phone.

RiskRanker was jointly developed by NQ Mobile’s Vice President of Research, Dr. Simon Shihong Zou and NQ Mobile’s Chief Scientist and Associate Professor at North Carolina State University, Xuxian Jiang, along with fellow researchers.

“RiskRanker employs a unique two-step method of discovering malware,” said Dr. Zou this week, during a presentation at the MobiSys 2012 conference in London. “This two-step system greatly improves the accuracy in identifying patterns of seemingly innocent API uses that can actually be malware,” Zou concluded.

The company said that during a trial run earlier this year RiskRanker scanned over one hundred thousand apps from a multiple marketplaces that provide Android applications and identified 718 malware threats, including 322 zero-day threats.

In its 2011 Mobile Threats Report, Juniper Networks said there was a 155 percent increase in mobile malware across all mobile platforms in 2011, and a whopping 3,325 percent increase in malware specifically targeting the Android platform in the last seven months of 2011 alone.