android malware case studies
Download
Skip this Video
Download Presentation
Android Malware Case Studies

Loading in 2 Seconds...

play fullscreen
1 / 23

Android Malware Case Studies - PowerPoint PPT Presentation


  • 162 Views
  • Uploaded on

Android Malware Case Studies. Yuanhao Lyu 2013-06-03. Overview. 1. introduction of Android app 2. goal of analysis 3 . tools 4. malware sample 5. Step by step 6 . the pattern 7 . food for thought 8 . References. Intro of Android app.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Android Malware Case Studies' - cutter


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
android malware case studies

Android Malware Case Studies

YuanhaoLyu

2013-06-03

overview
Overview
  • 1. introduction of Android app
  • 2. goal of analysis
  • 3. tools
  • 4. malware sample
  • 5. Step by step
  • 6. the pattern
  • 7. food for thought
  • 8. References
intro of android app
Intro of Android app
  • AndroidManifest.xml——Configuration files for Android programswhich can rule the permission, program entry points and so on.
  • Intent: A message Class used as a communication among Activity, Service and Receiver
  • Three ways into the program(Each of below should be registered in .xml)

1. Activity

2. Service

3. Broadcast Receiver(used once a system event happens, it can revoke an activity or service too)

goal of analysis
Goal of analysis

extracting one malware behavior pattern!

sample live photo savanna apk
Sample———live.photo.savanna.apk

A tool software for downloading other Applications

step by step
Step by step
  • First let’s have a look at the global xml files
step by step1
Step by step
  • Then comes to the BootReceiver files
recalling
Recalling…
  • Broadcast Receiver running steps:

onReceive()

  • Service running steps:

onCreate() -> onStartCommand() -> onDestroy()

  • startService() -> onStartCommand()
step by step3
Step by step

PendingIntent is also an intent which is used to leaving current method to other applications

step by step7
Step by step
  • Downloading apks to local directory with the information uploaded above!
food for thought
Food for thought
  • Core malware behaviors in one method.

2.Focus on key Android APIs

3.Concentrated on one most likely to behave bad and it worth thinking

4.Handling types will be tricky, as variable can be force casted. So how to get a reasonable typing system within our analysis tool worth thinking, as well.

food for thought1
Food for thought
  • Analysis based on java is not efficient at all!
  • Try to use tools called “Cerbero Profiler” converting the byte code to

Assemble language like mova,b

URL: http://icerbero.com/profiler/

what we will work on
What we will work on…
  • To collect and analysis as much as patterns of malware
  • When encountering these patterns, warn the user and give the action
  • So how to recognize these patterns?

Grasping keywords or fixed data flows such as new thread.start()

Information sending, downloading and so on

references
References

AnalysingAndroid/BadNews.A

--- http://www.xchg.info/?cat=16

Android APK反编译详解

---http://blog.csdn.net/sunboy_2050/article/details/6727581

Android Training for Service

---http://developer.android.com/training/index.html

ad