Android malware case studies
Sponsored Links
This presentation is the property of its rightful owner.
1 / 23

Android Malware Case Studies PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Android Malware Case Studies. Yuanhao Lyu 2013-06-03. Overview. 1. introduction of Android app 2. goal of analysis 3 . tools 4. malware sample 5. Step by step 6 . the pattern 7 . food for thought 8 . References. Intro of Android app.

Download Presentation

Android Malware Case Studies

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Android Malware Case Studies




  • 1. introduction of Android app

  • 2. goal of analysis

  • 3. tools

  • 4. malware sample

  • 5. Step by step

  • 6. the pattern

  • 7. food for thought

  • 8. References

Intro of Android app

  • AndroidManifest.xml——Configuration files for Android programswhich can rule the permission, program entry points and so on.

  • Intent: A message Class used as a communication among Activity, Service and Receiver

  • Three ways into the program(Each of below should be registered in .xml)

    1. Activity

    2. Service

    3. Broadcast Receiver(used once a system event happens, it can revoke an activity or service too)

Android app entry points

Goal of analysis

extracting one malware behavior pattern!



A tool software for downloading other Applications

Step by step

  • First let’s have a look at the global xml files

Step by step

  • Then comes to the BootReceiver files


  • Broadcast Receiver running steps:


  • Service running steps:

    onCreate() -> onStartCommand() -> onDestroy()

  • startService() -> onStartCommand()

Step by step

Step by step

PendingIntent is also an intent which is used to leaving current method to other applications

Step by step

Step by step

Step by step

Step by step

  • Downloading apks to local directory with the information uploaded above!


Food for thought

  • Core malware behaviors in one method.

    2.Focus on key Android APIs

    3.Concentrated on one most likely to behave bad and it worth thinking

    4.Handling types will be tricky, as variable can be force casted. So how to get a reasonable typing system within our analysis tool worth thinking, as well.

Food for thought

  • Analysis based on java is not efficient at all!

  • Try to use tools called “Cerbero Profiler” converting the byte code to

    Assemble language like mova,b


What we will work on…

  • To collect and analysis as much as patterns of malware

  • When encountering these patterns, warn the user and give the action

  • So how to recognize these patterns?

    Grasping keywords or fixed data flows such as new thread.start()

    Information sending, downloading and so on




Android APK反编译详解


Android Training for Service


Thank you and longing for advices!

E-mail: [email protected]

Phone: 18801970690

  • Login