Thread: Android Malware

  1. #1

    Android Malware

    Dear Friends,

    Since the rise of Android malware is in progress, let's start a new discussion about it.

    Android malware such as FakeInstaller and GoldDream tends to communicate by sending and receiving SMS. DroidKungFu tries to get sensitive information from the device by calling, for example, the getSubscriberId API. GingerMaster wants to use a root exploit.

    So in general, for analyzing Android malware, there is a list of features that can be applied, and they are divided into 2 parts:

    1) Analyse the AndroidManifest.xml:
    Extract the hardware components which are used in an app, the requested permissions, app components such as activities, services, content providers & broadcast receivers, and filtered intents.

    2) Disassemble the dex code:
    Extract API calls and find the restricted API calls, suspicious API calls and network addresses which are used in network API calls.

    These features can show rich information about Android malware.

    Can you add some other useful features that are discriminative between malware and benign apps?

    Thanks for continuing the discussion.
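
An added example (not part of the original thread) of the two feature groups listed in post #1, extracted as one feature set per app. It assumes the manifest has already been decoded from Android binary XML to text and the dex code disassembled to smali; the sample inputs, the `kind::value` feature naming and the suspicious-call watchlist are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Manifest tag -> feature kind (hardware, permissions, the four component types, intents).
TAG_KINDS = {"uses-feature": "hardware", "uses-permission": "permission",
             "activity": "activity", "service": "service", "provider": "provider",
             "receiver": "receiver", "action": "intent"}
# Assumed watchlist for this example, based on the behaviours named in the thread.
SUSPICIOUS_CALLS = ("TelephonyManager;->getSubscriberId", "SmsManager;->sendTextMessage")

# Constructed sample: a decoded (text) manifest, not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-feature android:name="android.hardware.telephony"/>
  <application>
    <activity android:name=".Main"/>
    <service android:name=".Worker"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: disassembled dex code in smali syntax.
SAMPLE_SMALI = """
invoke-virtual {v0}, Landroid/telephony/TelephonyManager;->getSubscriberId()Ljava/lang/String;
const-string v1, "http://collector.example.invalid/report"
invoke-virtual {v2}, Ljava/net/URL;->openConnection()Ljava/net/URLConnection;
"""

def manifest_features(xml_text):
    """Part 1: hardware, permissions, app components and filtered intent actions."""
    root = ET.fromstring(xml_text)
    return {f"{kind}::{el.get(ANDROID_NS + 'name')}"
            for tag, kind in TAG_KINDS.items() for el in root.iter(tag)}

def code_features(smali_text):
    """Part 2: invoked APIs (watchlist hits flagged) and hard-coded URLs."""
    feats = set()
    for target in re.findall(r"^\s*invoke-\S+ \{[^}]*\}, L([^(\s]+)\(", smali_text, re.M):
        kind = "suspicious_call" if any(s in target for s in SUSPICIOUS_CALLS) else "api_call"
        feats.add(f"{kind}::{target.replace('/', '.')}")
    for url in re.findall(r'const-string \S+ "(https?://[^"]+)"', smali_text):
        feats.add(f"url::{url}")
    return feats
```

The union of both sets gives one sparse feature vector per app, which can then be compared across known-malicious and benign samples.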

  2. #2
    Shub-nigurrath (Super Moderator; joined May 2004; location: Obscure Kadath; posts: 430)
    (¯`·._.·[¯¨´*·~-.¸¸,.-~*´¨ Ŝħůβ¬Ňïĝµŕřāŧħ ₪¯¨´*·~-.¸¸,.-~*´¨]·._.·´¯)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  3. #3
    Quote: Originally posted by Shub-nigurrath

    Thank you for the links.

    They are very helpful.

  4. #4
    Shub-nigurrath (Super Moderator)
    There are a lot of other alternatives you can use besides those two I mentioned above..

    You can also use one of the several online APK analyzers, open source or hosted by some AV company. For example these:
    - http://www.apk-analyzer.net/
    - Andrubis, http://anubis.iseclab.org/
    - MobiWORM, http://blog.mobworm.de/
    - mobile sandbox, http://mobilesandbox.org/

    or use one of the static analysis frameworks like SAAF (http://code.google.com/p/saaf/) or dexter (http://dexter.dexlabs.org/)

    or even “MoCFI - A Framework to Mitigate Control-Flow Attacks on Smartphones” by Davi et al., NDSS 2012.. find it on your own..

    Look also at the papers here:
    - http://www.malgenomeproject.org/
    - http://www.csc.ncsu.edu/faculty/jiang/pubs/index.html

    BR,
    Shub

  5. #5
    The links are very good.
    Thank you so much Shub.
