Android malware case studies
Download
1 / 23

Android Malware Case Studies - PowerPoint PPT Presentation


  • 150 Views
  • Uploaded on
  • Presentation posted in: General

Android Malware Case Studies. Yuanhao Lyu 2013-06-03. Overview. 1. introduction of Android app 2. goal of analysis 3 . tools 4. malware sample 5. Step by step 6 . the pattern 7 . food for thought 8 . References. Intro of Android app.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha

Download Presentation

Android Malware Case Studies

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Android Malware Case Studies

YuanhaoLyu

2013-06-03


Overview

  • 1. introduction of Android app

  • 2. goal of analysis

  • 3. tools

  • 4. malware sample

  • 5. Step by step

  • 6. the pattern

  • 7. food for thought

  • 8. References


Intro of Android app

  • AndroidManifest.xml——Configuration files for Android programswhich can rule the permission, program entry points and so on.

  • Intent: A message Class used as a communication among Activity, Service and Receiver

  • Three ways into the program(Each of below should be registered in .xml)

    1. Activity

    2. Service

    3. Broadcast Receiver(used once a system event happens, it can revoke an activity or service too)


Android app entry points


Goal of analysis

extracting one malware behavior pattern!


Tools


Sample———live.photo.savanna.apk

A tool software for downloading other Applications


Step by step

  • First let’s have a look at the global xml files


Step by step

  • Then comes to the BootReceiver files


Recalling…

  • Broadcast Receiver running steps:

    onReceive()

  • Service running steps:

    onCreate() -> onStartCommand() -> onDestroy()

  • startService() -> onStartCommand()


Step by step


Step by step

PendingIntent is also an intent which is used to leaving current method to other applications


Step by step


Step by step


Step by step


Step by step

  • Downloading apks to local directory with the information uploaded above!


Conclusion


Food for thought

  • Core malware behaviors in one method.

    2.Focus on key Android APIs

    3.Concentrated on one most likely to behave bad and it worth thinking

    4.Handling types will be tricky, as variable can be force casted. So how to get a reasonable typing system within our analysis tool worth thinking, as well.


Food for thought

  • Analysis based on java is not efficient at all!

  • Try to use tools called “Cerbero Profiler” converting the byte code to

    Assemble language like mova,b

    URL: http://icerbero.com/profiler/


What we will work on…

  • To collect and analysis as much as patterns of malware

  • When encountering these patterns, warn the user and give the action

  • So how to recognize these patterns?

    Grasping keywords or fixed data flows such as new thread.start()

    Information sending, downloading and so on


References

AnalysingAndroid/BadNews.A

--- http://www.xchg.info/?cat=16

Android APK反编译详解

---http://blog.csdn.net/sunboy_2050/article/details/6727581

Android Training for Service

---http://developer.android.com/training/index.html


Thank you and longing for advices!

E-mail: lilian-917@163.com

Phone: 18801970690


ad
  • Login