{"title":"Implementation of Yara Rules in Android","authors":"Pragya Bharti, Shreya Saha Roy, A. Suresh","doi":"10.1109/ICCCI56745.2023.10128288","DOIUrl":null,"url":null,"abstract":"Malwares are malicious softwares aimed to damage and destroy computer systems and networks. Malware can exist in a wide variety of devices and operating systems. Cryptographic hashing and fuzzy hashing are two types of signature-based malware detection and classification techniques. In this paper we have tried to study the implementation of YARA rules in Android operating system, the properties of YARA rules and how it helps in an efficient detection of malicious android applications in the market. We outline the syntactical structure of YARA rules, their use cases, and how to create a YARA rule for a single malware or a family of malwares using Androguard and Cuckoo.","PeriodicalId":205683,"journal":{"name":"2023 International Conference on Computer Communication and Informatics (ICCCI)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 International Conference on Computer Communication and Informatics (ICCCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCI56745.2023.10128288","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Malware is malicious software aimed at damaging and destroying computer systems and networks. Malware can exist in a wide variety of devices and operating systems. Cryptographic hashing and fuzzy hashing are two types of signature-based malware detection and classification techniques. In this paper we have tried to study the implementation of YARA rules in the Android operating system, the properties of YARA rules, and how they help in the efficient detection of malicious Android applications in the market. We outline the syntactical structure of YARA rules, their use cases, and how to create a YARA rule for a single piece of malware or a family of malware using Androguard and Cuckoo.