1 / 23

Android Malware Case Studies

Android Malware Case Studies. Yuanhao Lyu 2013-06-03. Overview. 1. introduction of Android app 2. goal of analysis 3 . tools 4. malware sample 5. Step by step 6 . the pattern 7 . food for thought 8 . References. Intro of Android app.

cutter
Download Presentation

Android Malware Case Studies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Android Malware Case Studies YuanhaoLyu 2013-06-03

  2. Overview • 1. introduction of Android app • 2. goal of analysis • 3. tools • 4. malware sample • 5. Step by step • 6. the pattern • 7. food for thought • 8. References

  3. Intro of Android app • AndroidManifest.xml——Configuration files for Android programswhich can rule the permission, program entry points and so on. • Intent: A message Class used as a communication among Activity, Service and Receiver • Three ways into the program(Each of below should be registered in .xml) 1. Activity 2. Service 3. Broadcast Receiver(used once a system event happens, it can revoke an activity or service too)

  4. Android app entry points

  5. Goal of analysis extracting one malware behavior pattern!

  6. Tools

  7. Sample———live.photo.savanna.apk A tool software for downloading other Applications

  8. Step by step • First let’s have a look at the global xml files

  9. Step by step • Then comes to the BootReceiver files

  10. Recalling… • Broadcast Receiver running steps: onReceive() • Service running steps: onCreate() -> onStartCommand() -> onDestroy() • startService() -> onStartCommand()

  11. Step by step

  12. Step by step PendingIntent is also an intent which is used to leaving current method to other applications

  13. Step by step

  14. Step by step

  15. Step by step

  16. Step by step • Downloading apks to local directory with the information uploaded above!

  17. Conclusion

  18. Food for thought • Core malware behaviors in one method. 2.Focus on key Android APIs 3.Concentrated on one most likely to behave bad and it worth thinking 4.Handling types will be tricky, as variable can be force casted. So how to get a reasonable typing system within our analysis tool worth thinking, as well.

  19. Food for thought • Analysis based on java is not efficient at all! • Try to use tools called “Cerbero Profiler” converting the byte code to Assemble language like mova,b URL: http://icerbero.com/profiler/

  20. What we will work on… • To collect and analysis as much as patterns of malware • When encountering these patterns, warn the user and give the action • So how to recognize these patterns? Grasping keywords or fixed data flows such as new thread.start() Information sending, downloading and so on

  21. References AnalysingAndroid/BadNews.A --- http://www.xchg.info/?cat=16 Android APK反编译详解 ---http://blog.csdn.net/sunboy_2050/article/details/6727581 Android Training for Service ---http://developer.android.com/training/index.html

  22. Thank you and longing for advices! E-mail: lilian-917@163.com Phone: 18801970690

More Related