Malware is a long-standing problem in computing. Malware that reaches a device and is executed can carry out malicious activities, such as data deletion, data hijacking, monitoring of private activity and communications, impersonating the owner of the device, infecting other devices with malware, or the like.
Nowadays, solutions tend to rely on classical signature models. In classical signature models, there are known signatures of malicious code, such as an entire app, a module within an app, or the like. In some cases, the signature is an observable indicator of malicious code libraries in analyzed apps. This approach is able to identify a specific variant of malware as long as the code the signature relies on is not modified. Hence, malware writers can bypass it by merely changing the malicious code slightly, so that it is no longer matched by the signature. This approach also requires prior knowledge of the existence of the malware. Hence, new malware that does not recycle code modules may not be identified by such an approach.