Android Malware Ananto Dharmo Aji & RnD Team


1 Android Malware
Ananto Dharmo Aji & RnD Team
Department of Research and Development

2 Android
Android is a mobile operating system (OS) based on the Linux kernel, developed by Google Inc. The Android beta version was released in November 2007. 2008: HTC Dream.

3 Android

4 Android
Mobile/Tablet Operating System Market Share

5 Statistics of Android users and Internet habits in Indonesia

6 Traditional Theft
Everyone should prepare to become a victim at some point.

7 Modern Theft
Defined as the successful or attempted misuse of CC, bank account or other personal information.

8 Android Malware Type
Malware (malicious software) is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Trojan: malicious programs that perform actions that have not been authorised by the user.
How Trojans can impact you: Backdoor, Exploit, Rootkit, Trojan-Banker, Trojan-DDoS, Trojan-Downloader, etc.

9 Android Malware Type
A RAT, or Remote Access Trojan, is a malware program that includes a back door for administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program, such as a game, or sent as an attachment.

10 Analysis Method
Dynamic Analysis Malware
Static Analysis Malware

11 Sample
iBanking Malware
Dendroid Malware

12 Sample
Dynamic Analysis Malware (anubis)
iBanking Malware
Required Permissions:
android.permission.READ_PHONE_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.CALL_PHONE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_SMS
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_CONTACTS
android.permission.RECORD_AUDIO

13 Android Malware
CNC
xx CnC Server

14 Control
Bot_id=471
CNC Number= xxxx
Control Number for Remote Access Trojans

15 Static Analysis Malware
Decompile File Apk
./apktool d -s apk bali/in

16 Android Malware
Code Permission Access

17 Static Analysis Malware
Result
Disassembler file format dex
java -jar baksmali jar bali/in/classes.dex -o bali/out/

18 Static Analysis Malware
CnC Server
Control number

19 Android Malware

20 Android Malware
When installing, this application requires Device Administrator. This application can wipe all data.

21 Android Malware

22 Android Malware
This application can be controlled via SMS from the control number.

23 Tcpdump Result

24 CNC Server Admin Page

25 CNC Server
GET SMS (Inbox)

26 Malware Code
Dynamic Analysis Malware (anubis)
Dendroid Malware
Required Permissions:
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.QUICKBOOT_POWERON
android.permission.INTERNET
android.permission.READ_SMS
android.permission.WRITE_SMS
android.permission.GET_ACCOUNTS
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_CONTACTS
android.permission.ACCESS_FINE_LOCATION
android.permission.GET_TASKS
android.permission.WAKE_LOCK
android.permission.CALL_PHONE
android.permission.SEND_SMS
android.permission.WRITE_SETTINGS
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.PROCESS_OUTGOING_CALLS
android.permission.RECEIVE_SMS

27 Permission

28 Anubis Report

29 Reporting
CnC server not found.
In the sample malware analyses on the VirusTotal and Anubis websites, the results from both sites did not find the CnC server.

30 Static Analysis Malware
Decompile file apk
./apktool d -s rnd.apk kutabali/in

31 Static Analysis Malware
Disassembler file format dex
java -jar baksmali jar kutabali/in/classes.dex -o kutabali/out/

32 Permission

33 URL Encode

34 Base64 Decode

35 Base64 Decode
The CnC server address is stored using Base64 encoding, so online malware analysis tools such as Anubis and VirusTotal were not able to detect it.
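
The URL Encode and Base64 Decode slides describe recovering a CnC address that the online sandboxes did not surface. As an added example (not code from the presentation), this Python script scans baksmali output for string constants that decode to a URL; the sample smali lines, the example.test host and the assumption that a literal may be percent-encoded around its Base64 text are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Matches smali string constants, e.g.  const-string v0, "text"
CONST_STRING = re.compile(r'const-string(?:/jumbo)?\s+[vp]\d+,\s*"((?:[^"\\]|\\.)*)"')
B64_TOKEN = re.compile(r'^[A-Za-z0-9+/]{16,}={0,2}$')
URL_PREFIX = re.compile(r'^(?:https?://|www\.)[\x21-\x7e]+$')


def decode_candidate(literal):
    """Return the URL if literal is (optionally percent-encoded) Base64 of a URL, else None."""
    token = unquote(literal).strip()  # assumption: undo %3D-style escaping first
    if not B64_TOKEN.match(token) or len(token) % 4:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded if URL_PREFIX.match(decoded) else None


def find_encoded_urls(smali_text, source="<memory>"):
    """Return (source, line_number, literal, decoded_url) for each hit in one smali file."""
    hits = []
    for lineno, line in enumerate(smali_text.splitlines(), 1):
        m = CONST_STRING.search(line)
        url = decode_candidate(m.group(1)) if m else None
        if url:
            hits.append((source, lineno, m.group(1), url))
    return hits


# Constructed sample input (not taken from the analysed APK).
SAMPLE_SMALI = '''\
.method public onCreate()V
    const-string v0, "aHR0cDovL2MyLmV4YW1wbGUudGVzdC9wYW5lbC8%3D"
    const-string v1, "MyService started"
    const-string v2, "QUJDREVGR0hJSktMTU5PUFFSU1RVVg=="
.end method
'''

if __name__ == "__main__":
    for src, lineno, literal, url in find_encoded_urls(SAMPLE_SMALI, "MyService.smali"):
        print(f"{src}:{lineno}: {literal!r} -> {url}")
```

To run it over a real disassembly, read each .smali file under the baksmali output directory and pass its text and path to find_encoded_urls.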

36 Android Malware

37 Infected User

38 MyService.class

39 MyService.class

40 Admin Page

41 TCPDUMP Process

42 TCPDUMP Process

43 Tools
1. Androguard: This application is used for reverse engineering. Androguard is Python-based.
2. Android SDK: This application is normally used to create Android apps, but we also need it in the process of analyzing malware.
3. APK Analyser: This application is used to perform static analysis.
4. APK Inspector: This application is also used for reverse engineering.

44 Tools
5. Android-apktool: Used to compile and decompile an APK.
6. Smali/Baksmali: Disassembler applications for the dex file format.
7. Dex2jar: An application for converting a dex file into a jar file (Java).
8. Droidbox: This application is used to perform dynamic analysis of malware.
9. JD-GUI: An application for decompiling Java files.

45 Reference
http://www.darkreading.com/
https://www.bluecoat.com/

46 That is all from me
Thank you

