Android malware case studies

Yuanhao Lyu

2013-06-03


Overview

  • 1. Introduction of Android app

  • 2. Goal of analysis

  • 3. Tools

  • 4. Malware sample

  • 5. Step by step

  • 6. The pattern

  • 7. Food for thought

  • 8. References


Intro of Android app

  • AndroidManifest.xml: the configuration file for an Android program, which governs permissions, program entry points and so on.

  • Intent: a message class used for communication among Activity, Service and Receiver.

  • Three ways into the program (each of the below should be registered in the .xml):

    1. Activity

    2. Service

    3. Broadcast Receiver (used once a system event happens; it can invoke an activity or service too)


Android app entry points


Goal of analysis

Extracting one malware behavior pattern!


Tools


Sample: live.photo.savanna.apk

A utility app for downloading other applications


Step by step

  • First let’s have a look at the global xml files


Step by step

  • Next come the BootReceiver files


Recalling…

  • Broadcast Receiver running steps:

    onReceive()

  • Service running steps:

    onCreate() -> onStartCommand() -> onDestroy()

  • startService() -> onStartCommand()


Step by step

PendingIntent is also an intent, one used to hand work over from the current method to other applications.


Step by step

  • Downloading APKs to a local directory using the information uploaded above!


Conclusion


Food for thought

    1. Core malware behaviors in one method.

    2. Focus on key Android APIs.

    3. Concentrate on the one most likely to behave badly; it is worth thinking about.

    4. Handling types will be tricky, as variables can be force-cast. So how to get a reasonable type system within our analysis tool is worth thinking about as well.


Food for thought

  • Analysis based on Java is not efficient at all!

  • Try using a tool called “Cerbero Profiler” to convert the bytecode to

    assembly language like mov a,b

    URL: http://icerbero.com/profiler/


What we will work on…

  • To collect and analyze as many malware patterns as possible

  • When encountering these patterns, warn the user and give the action to take

  • So how to recognize these patterns?

    Catching keywords or fixed data flows such as new thread.start(),

    information sending, downloading and so on
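One way to start recognizing the boot receiver, service and download pattern walked through above is to triage the manifest's entry points. This is an added example, not code from the presentation; it assumes the APK's AndroidManifest.xml has already been decoded to text XML, and the package and class names in the constructed sample are hypothetical. The same combination appears in many benign apps, so a hit only marks the app for closer review.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BOOT = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifest (decoded text form); all names are hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".UpdateService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def entry_points(manifest_xml):
    """Return the permissions and the three kinds of entry points declared."""
    root = ET.fromstring(manifest_xml)
    names = lambda tag: [e.get(ANDROID + "name") for e in root.iter(tag)]
    # Receivers whose intent-filter subscribes to the boot-completed broadcast.
    boot = [r.get(ANDROID + "name") for r in root.iter("receiver")
            if any(a.get(ANDROID + "name") == BOOT for a in r.iter("action"))]
    return {"permissions": names("uses-permission"),
            "activities": names("activity"),
            "services": names("service"),
            "receivers": names("receiver"),
            "boot_receivers": boot}


def triage(manifest_xml):
    """List the manifest traits that match the pattern and deserve review."""
    ep = entry_points(manifest_xml)
    findings = []
    if ep["boot_receivers"]:
        findings.append("starts at boot via " + ", ".join(ep["boot_receivers"]))
    if ep["boot_receivers"] and ep["services"]:
        findings.append("boot receiver can hand off to a background service")
    if "android.permission.INTERNET" in ep["permissions"]:
        findings.append("can send information and download files")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MANIFEST):
        print("[review]", finding)
```
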


References

Analysing Android/BadNews.A

--- http://www.xchg.info/?cat=16

Android APK Decompilation Explained in Detail

--- http://blog.csdn.net/sunboy_2050/article/details/6727581

Android Training for Service

--- http://developer.android.com/training/index.html


Thank you, and I look forward to your advice!

E-mail: [email protected]

Phone: 18801970690

