RAX-ClaMal: Dynamic Android malware classification based on RAX register values

HIEN DO
15:17 06/01/2025

Detecting malware on Android remains a major challenge because malicious apps use sophisticated evasion techniques. This study presents RAX-ClaMal, a novel approach that uses dynamic analysis of RAX (Register A Extended) register values for Android malware detection. By extracting and examining the RAX register in the data sections of Dalvik Executable (DEX) files, RAX-ClaMal monitors changes in RAX register values to identify malicious behavior. Using the Jaccard similarity index for classification, the method achieved a precision of 95.38%, a false positive rate of 1.59%, and an average detection time of 9.54 s per sample on the CICMalDroid2020 dataset. These results underscore the potential of using register values as indicators of malicious activity within Android applications.
