SophosLabs has come across some fresh examples of this – specifically, anti-emulation Android malware. The findings are in a Sophos Blog write up by Android specialists Chen Yu, William Lee, Jagadeesh Chandraiah and Ferenc László Nagy.
In it, they explain how Android malware is copying the anti-emulation techniques that have served Windows malware writers so well.
First, let’s look at what an emulator is. Most online definitions describe it as hardware or software that allows one computer (the host) to imitate another computer (the guest). It typically allows the host system to run software or use peripheral devices designed for the guest system. In security, it’s a handy way to test malware behavior or larger security operations readiness.