250 likes | 511 Views
Android Malware Case Studies. Yuanhao Lyu 2013-06-03. Overview. 1. introduction of Android app 2. goal of analysis 3 . tools 4. malware sample 5. Step by step 6 . the pattern 7 . food for thought 8 . References. Intro of Android app.
E N D
Android Malware Case Studies YuanhaoLyu 2013-06-03
Overview • 1. introduction of Android app • 2. goal of analysis • 3. tools • 4. malware sample • 5. Step by step • 6. the pattern • 7. food for thought • 8. References
Intro of Android app • AndroidManifest.xml——Configuration files for Android programswhich can rule the permission, program entry points and so on. • Intent: A message Class used as a communication among Activity, Service and Receiver • Three ways into the program(Each of below should be registered in .xml) 1. Activity 2. Service 3. Broadcast Receiver(used once a system event happens, it can revoke an activity or service too)
Goal of analysis extracting one malware behavior pattern!
Sample———live.photo.savanna.apk A tool software for downloading other Applications
Step by step • First let’s have a look at the global xml files
Step by step • Then comes to the BootReceiver files
Recalling… • Broadcast Receiver running steps: onReceive() • Service running steps: onCreate() -> onStartCommand() -> onDestroy() • startService() -> onStartCommand()
Step by step PendingIntent is also an intent which is used to leaving current method to other applications
Step by step • Downloading apks to local directory with the information uploaded above!
Food for thought • Core malware behaviors in one method. 2.Focus on key Android APIs 3.Concentrated on one most likely to behave bad and it worth thinking 4.Handling types will be tricky, as variable can be force casted. So how to get a reasonable typing system within our analysis tool worth thinking, as well.
Food for thought • Analysis based on java is not efficient at all! • Try to use tools called “Cerbero Profiler” converting the byte code to Assemble language like mova,b URL: http://icerbero.com/profiler/
What we will work on… • To collect and analysis as much as patterns of malware • When encountering these patterns, warn the user and give the action • So how to recognize these patterns? Grasping keywords or fixed data flows such as new thread.start() Information sending, downloading and so on
References AnalysingAndroid/BadNews.A --- http://www.xchg.info/?cat=16 Android APK反编译详解 ---http://blog.csdn.net/sunboy_2050/article/details/6727581 Android Training for Service ---http://developer.android.com/training/index.html
Thank you and longing for advices! E-mail: lilian-917@163.com Phone: 18801970690