Published by Damon Goodwin. Modified over 8 years ago.
1
When Android Apps Go Evil
Jing Xie, jing.xie@lookout.com, Lookout Inc.
2014 #GHC14
2
Evil Outline
  Android OS & App Development
  Malware Landscape
  Reverse Engineering
  Analysis Insights & Challenges
3
Android OS
  Linux based
  Open sourced
  Java for app dev
  Dalvik VM (ART since 4.4)
Security & Privacy
  Sandboxing
  Permissions
  Secure IPC
  Cryptography
4
Making of Apps
5
Android Malware (NOT VIRUS PLZ!)
6
Threat Landscape
7
Depending on Origin
[Chart: malware categories by country of origin]
  Countries: USA, France + Spain, Russia, India, China, Vietnam
  Categories: Trojan, Toll Fraud, Spyware, Chargeware, Surveillanceware, Spam, Ransomware, RootEnabler, Exploit, Riskware
8
Malware as a Business
9
Agile Malware Development
  SMS Toll Fraud: sending premium text messages without consent
  SMSActor: Russian Toll Fraud variant
  [Chart: SMSActor distribution, April 2012 to April 2014]
  Life span: Activated, Deactivated, Decommissioned
10
Incentive and Feasibility
A HUGE NUMBER OF Apps Not in Google Play Store
  App stores: Anzhi, AppChina, D.cn Games Center, gFan, HiAPK, Aptoide, Panda App, Taobao App Market, Tencent App Gem, Xiaomi, Mumayi, SK T-Store, Naver NStore, APPZIL, olleh Market, Yandex.Store, SlideMe.org, AppBrain, 1MobileMarket, Mobile9, Mobango, Barzaar, Amazon appstore, AppZoom, AppsLib
  Sources:
  http://www.onepf.org/appstores/
  http://www.techinasia.com/10-android-app-stores-china-2014-edition/
11
Incentive and Feasibility
  http://www.theguardian.com/technology/2014/aug/22/android-fragmented-developers-opensignal
12
Reverse Machinery (1)
  Input: apk/dex
  baksmali; apktool -> Output: smali
  dex2jar + jd-gui/luyten -> Output: pseudo Java
13
Reverse Machinery (2)
  Demo Time
14
Scents of Android Malware (1)
  Disingenuous advertisement
    Facebook icon && titled facebook; package name is com.facebook.sms rather than com.facebook.katana
  More than advertised
    Irrelevant code package
    Payment SDK with no pay button (UI)
  Cost-money APIs in unexpected context
    A system utility app sends SMS or makes phone calls
    Free game that requires a costs-money permission
  Unnecessary outbound communications
    A battery saving app talks to a remote server
    Calculator that downloads stuff
15
Scents of Android Malware (2)
  Interesting log statements
    IsFuckSendIsLuckReceiverIsLuckReceiver 的 finally 已经开始加锁
    ** WHELCOME TO HELL *********
  Interesting file assets
    /assets/libremotecontrol.so
    PNG is actually dex file
  System level operations
    Checks the root as a game app
  Peer information exchange
    VirusTotal says the app is malicious
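
Added example (not part of the original slides): a triage check for the "interesting file assets" scent above, flagging archive entries whose content does not match their name (a PNG that is actually a dex file) and native code shipped outside lib/, where an APK normally packages its native libraries. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Leading magic bytes of the formats named on the slide.
MAGIC = {"dex": b"dex\n", "elf": b"\x7fELF", "png": b"\x89PNG\r\n\x1a\n"}
# Extension each executable format would honestly carry.
HONEST_EXT = {"dex": ".dex", "elf": ".so"}


def sniff(head: bytes):
    """Classify a file by its first bytes, ignoring its name."""
    for kind, magic in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def scan_apk(apk_bytes: bytes):
    """Return sorted (entry, finding) pairs for suspicious APK entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as fh:
                kind = sniff(fh.read(8))
            name = info.filename.lower()
            if kind in HONEST_EXT and not name.endswith(HONEST_EXT[kind]):
                findings.append((info.filename, f"{kind} content behind misleading name"))
            elif kind == "elf" and not name.startswith("lib/"):
                findings.append((info.filename, "native library outside lib/"))
    return sorted(findings)


def build_sample_apk() -> bytes:
    """Constructed sample archive; payloads are zero-filled placeholders."""
    pad = b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + pad)
        z.writestr("res/drawable/icon.png", MAGIC["png"] + pad)
        z.writestr("assets/logo.png", b"dex\n035\x00" + pad)  # dex posing as PNG
        z.writestr("assets/libremotecontrol.so", MAGIC["elf"] + pad)
        z.writestr("lib/armeabi/libgame.so", MAGIC["elf"] + pad)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in scan_apk(build_sample_apk()):
        print(f"{entry}: {why}")
```

A hit is a reason to open the file in the tools from the Reverse Machinery slide, not a verdict: legitimate apps also load plugins from assets.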
16
Analysis Challenges
  Technical
    Evasion Techniques
    Complicated Apps
    Sheer Volume
    Constraints on Devices
  Contextual
    Nuanced Context
    Malware Purpose
    Levels of Puzzle Solving
17
Thank You!
Thanks to security team + designer @ lookout