DOCSLIB.ORG

Android Malware and Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Android Malware and Analysis Quintans • Strazzere Information Technology / Security & Auditing Dunham • Hartman Morales The rapid growth and development of Android-based devices has resulted in a ANDROID MALWARE wealth of sensitive information on mobile devices that offer minimal malware protection. This has created an immediate demand for security professionals that understand how to best approach the subject of Android malware threats AND ANALYSIS and analysis. ANDROID MALWARE AND ANALYSIS ANDROID MALWARE In Android Malware and Analysis, Ken Dunham, renowned global malware expert and author, teams up with international experts to document the best tools and tactics available for analyzing Android malware. The book covers both methods of malware analysis: dynamic and static. This tactical and practical book shows you how to use to use dynamic malware analysis to check the behavior of an application/malware as it has been executed in the system. It also describes how you can apply static analysis to break apart the application/malware using reverse engineering tools and techniques to recreate the actual code and algorithms used. The book presents the insights of experts in the field, who have already sized up the best tools, tactics, and procedures for recognizing and analyzing Android malware threats quickly and effectively. You also get access to an online library of tools that supplies what you will need to begin your own analysis of Android malware threats. Tools available on the book’s site include updated information, tutorials, code, scripts, and author assistance. This is not a book on Android OS, fuzzy testing, or social engineering. Instead, it is about the best ways to analyze and tear apart Android malware threats. After reading the book, you will be able to immediately implement the tools and tactics covered to identify and analyze the latest evolution of Android threats. K23862 6000 Broken Sound Parkway, NW Suite 300, Boca Raton, FL 33487 ISBN: 978-1-4822-5219-4 711 Third Avenue 90000 New York, NY 10017 Ken Dunham • Shane Hartman an informa business 2 Park Square, Milton Park www.crcpress.com Abingdon, Oxon OX14 4RN, UK Jose Andre Morales 9 781482 252194 www.auerbach-publications.com Manu Quintans • Tim Strazzere K23862 cvr mech.indd 1 9/18/14 1:23 PM ANDROID MALWARE AND ANALYSIS OTHER INFORMATION SECURITY BOOKS FROM AUERBACH Anonymous Communication Networks: PRAGMATIC Security Metrics: Applying Protecting Privacy on the Web Metametrics to Information Security Kun Peng W. Krag Brotby and Gary Hinson ISBN 978-1-4398-8157-6 ISBN 978-1-4398-8152-1 Conducting Network Penetration and Responsive Security: Be Ready to Be Secure Espionage in a Global Environment Meng-Chow Kang Bruce Middleton ISBN 978-1-4665-8430-3 ISBN 978-1-4822-0647-0 Securing Cloud and Mobility: A Practitioner’s Guide Cyberspace and Cybersecurity Ian Lim, E. Coleen Coolidge, Paul Hourani George Kostopoulos ISBN 978-1-4398-5055-8 ISBN 978-1-4665-0133-1 Security and Privacy in Smart Grids Developing and Securing the Cloud Edited by Yang Xiao Bhavani Thuraisingham ISBN 978-1-4398-7783-8 ISBN 978-1-4398-6291-9 Security for Service Oriented Architectures Ethical Hacking and Penetration Walter Williams Testing Guide ISBN 978-1-4665-8402-0 Rafay Baloch Security without Obscurity: ISBN 978-1-4822-3161-8 A Guide to Confidentiality, Guide to the De-Identification of Authentication, and Integrity Personal Health Information J.J. Stapleton Khaled El Emam ISBN 978-1-4665-9214-8 ISBN 978-1-4665-7906-4 The Complete Book of Data Anonymization: Industrial Espionage: Developing a From Planning to Implementation Counterespionage Program Balaji Raghunathan Daniel J. Benny ISBN 978-1-4398-7730-2 ISBN 978-1-4665-6814-3 The Frugal CISO: Using Innovation and Information Security Fundamentals, Smart Approaches to Maximize Second Edition Your Security Posture Thomas R. Peltier Kerry Ann Anderson ISBN 978-1-4822-2007-0 ISBN 978-1-4398-1062-0 The Practical Guide to HIPAA Privacy and Information Security Policy Development for Security Compliance, Second Edition Compliance: ISO/IEC 27001, NIST SP 800-53, Rebecca Herold and Kevin Beaver HIPAA Standard, PCI DSS V2.0, and AUP V5.0 ISBN 978-1-4398-5558-4 Barry L. Williams Secure Data Provenance and Inference ISBN 978-1-4665-8058-9 Control with Semantic Web Investigating Computer-Related Crime, Bhavani Thuraisingham, Tyrone Cadenhead, Second Edition Murat Kantarcioglu, and Vaibhav Khadilkar Peter Stephenson and Keith Gilbert ISBN 978-1-4665-6943-0 ISBN 978-0-8493-1973-0 Secure Development for Mobile Apps: Managing Risk and Security in Outsourcing How to Design and Code Secure Mobile IT Services: Onshore, Offshore and the Cloud Applications with PHP and JavaScript Frank Siepmann J. D. Glaser ISBN 978-1-4398-7909-2 ISBN 978-1-4822-0903-7 AUERBACH PUBLICATIONS www.auerbach-publications.com • To Order Call: 1-800-272-7737 • E-mail: [email protected] ANDROID MALWARE AND ANALYSIS Ken Dunham • Shane Hartman Jose Andre Morales Manu Quintans • Tim Strazzere CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2015 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Version Date: 20140918 International Standard Book Number-13: 978-1-4822-5220-0 (eBook - PDF) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmit- ted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright. com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com Contents P REFACE xi ACKNOWLEDGMENTS xiii AUTHORS xv C ONVENTIONS xix C HA P TER 1 I NTRODUCTION TO THE A NDROID O P E R ATI N G SYSTEM AND TH R E AT S 1 Android Development Tools 2 Risky Apps 3 Looking Closer at Android Apps 5 C HA P TER 2 M ALWARE TH R E AT S, H OAXES, AND TAXONOMY 7 2010 7 FakePlayer 7 DroidSMS 8 FakeInst 8 TapSnake 8 SMSReplicator 9 Geinimi 9 2011 10 ADRD 10 Pjapps 11 BgServ 11 DroidDream 11 Walkinwat 12 zHash 13 DroidDreamLight 13 V VI CONTENTS Zsone 14 BaseBridge 14 DroidKungFu1 15 GGTracker 16 jSMSHider 16 Plankton 17 GoldDream 18 DroidKungFu2 18 GamblerSMS 19 HippoSMS 19 LoveTrap 19 Nickyspy 20 SndApps 20 Zitmo 21 DogWars 21 DroidKungFu3 22 GingerMaster 22 AnserverBot 23 DroidCoupon 23 Spitmo 24 JiFake 24 Batterydoctor 24 2012 25 AirPush 25 Boxer 25 Gappusin 26 Leadbolt 26 Adwo 26 Counterclank 27 SMSZombie 27 NotCompatible 27 Bmaster 27 LuckyCat 28 DrSheep 28 2013 28 GGSmart 28 Defender 29 Qadars 29 MisoSMS 29 FakeRun 30 TechnoReaper 30 BadNews 31 Obad 31 2014 32 DriveGenie 32 Torec 32 OldBoot 33 DroidPack 33 CONTENTS VII C HA P TER 3 O P EN S OURCE TOOLS 35 Locating and Downloading Android Packages 36 Vulnerability Research for Android OS 37 Antivirus Scans 37 Static Analysis 38 Linux File Command 38 Unzip the APK 38 Strings 39 Keytool Key and Certificate Management Utility 39 DexID 39 DARE 40 Dex2Jar 40 JD-GUI 41 JAD 41 A PKTool 41 AndroWarn 41 Dexter 42 VisualThreat 43 Sandbox Analysis 43 AndroTotal 45 APKScan 45 Mobile Malware Sandbox 45 Mobile Sandbox 45 Emulation Analysis 45 Eclipse 45 DroidBox 46 AppsPlayground 46 Native Analysis 46 Logcat 46 Traceview and Dmtracedump 46 Tcpdump 47 Reverse Engineering 47 Androguard 47 AndroidAuditTools 48 Smali/Baksmali 48 AndBug 48 Memory Analysis 48 LiME 49 Memfetch 49 Volatility for Android 49 Volatilitux 49 C HA P TER 4 STATI C A N A LYS I S 51 Collections: Where to Find Apps for Analysis 52 Google Play Marketplace 52 Marketplace Mirrors and Cache 53 Contagio Mobile 53 VIII CONTENTS Advanced Internet Queries 53 Private Groups and Rampart Research Inc. 53 Android Malware Genome Project 54 File Data 54 Cryptographic Hash Types and Queries 55 Other Metadata 56 Antivirus Scans and Aliases 57 Unzipping an APK 57 Common Elements of an Unpacked APK File 57 Certificate Information 58 Permissions 59 Strings 60 Other Content of Interest within an APK 61 Creating a JAR File 62 VisualThreat Modeling 62 Automation 62 (Fictional) Case Study 63 C HA P TER 5 A NDROID M ALWARE EVOLUTION 71 C HA P TER
Load more

Recommended publications
  • Ethical Hacking
    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
    [Show full text]
  • Bug Bounty Hunting Essentials
    Bug Bounty Hunting Essentials Quick-paced guide to help white-hat hackers get through bug bounty programs Carlos A. Lozano Shahmeer Amir BIRMINGHAM - MUMBAI Bug Bounty Hunting Essentials Copyright © 2018 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. Commissioning Editor: Gebin George Acquisition Editor: Shrilekha Inani Content Development Editor: Abhishek Jadhav Technical Editor: Mohd Riyan Khan Copy Editor: Safis Editing Project Coordinator: Jagdish Prabhu Proofreader: Safis Editing Indexer: Tejal Daruwale Soni Graphics: Tom Scaria Production Coordinator: Shantanu Zagade First published: November 2018 Production reference: 1301118 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78862-689-7 www.packtpub.com mapt.io Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career.
    [Show full text]
  • |||GET||| Ethical Hacking and Penetration Testing Guide 1St Edition
    ETHICAL HACKING AND PENETRATION TESTING GUIDE 1ST EDITION DOWNLOAD FREE Rafay Baloch | 9781482231625 | | | | | Security Penetration Testing (The Art of Hacking Series) LiveLessons This course serves as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. Alex covers a typical working day, the best parts of his jobs and how to get into the industry. It will use references to examples of tool repositories we have access to, malware we have reverse engineered and tools we have written to replicate real attacks. March 4, Penetration Testing Vs. Created ina version 2 is being written. It consists mainly of furthering the vulnerability analysis by exploiting the vulnerabilities discovered during the latter. Requiring no prior hacking experience, Ethical Hacking and Penetration Testing Guide supplies a complete introduction to the steps required to complete a penetration test, or Ethical Hacking and Penetration Testing Guide 1st edition hack, from beginning to end. Despite Ethical Hacking and Penetration Testing Guide 1st edition used by a variety of different threat actors, from different regions of the world - these malware families share two things in common - their use of JavaScript and their role in the theft of data for espionage purposes. James Chappell, CTO, Digital Shadows: Threat Intelligence — Marketing Hype or Innovation Cyber Threat Intelligence has become an increasingly prevalent term in the information security Cyber industry with vendors of all shapes and sizes using this buzzword to justify to their customers that this is the right thing to be focusing on. Jean-Philippe Aumasson. Connect with:. Information Security? Top reviews from Australia.
    [Show full text]
  • Hakin9 01 2011.Pdf
    01/2011 (36) PRACTICAL PROTECTION IT SECURITY MAGAZINE Dear Readers, Here we are, another year with Hakin9 magazine is coming to an end. Hopefully, the 2010 was good for all of you but still we are always hoping the next year to be better. Hakin9 team team would like to wish you all the best in the New Year and a great New Year’s Eve! Editor in Chief: Karolina Lesińska Since the end of year is always a time for summaries we [email protected] have prepared such brief for you. Gary Miliefsky, one of the most devoted contributors of Hakin9, presents Cybercrime Editorial Advisory Board: Matt Jonkman, Rebecca Wynn, Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt and Cyberwar Predictions for 2011. He discusses new attack vectors, more innovative exploits and much more. DTP: Ireneusz Pogroszewski Art Director: Ireneusz Pogroszewski Another review is presented by Julian Evans, Hakin9’s ID [email protected] fraud expert, who discusses the power of social web and the Proofreaders: Dylan Sachs threats is brings. I would also recommend you to take a look at thearticle Top Betatesters: Rebecca Wynn, Bob Folden, Carlos Ayala, Steve Sharing Malware by Matt Jonkman. Just to encourage you see Hodge, Nick Baronian, Matthew Sabin, Laszlo Acs, Jac van den Goor, Matthew Dumas, Andy Alvarado the abstract: There is a lot of malware out there, and a lot of people interested in analyzing what they can find. Commercial Special Thanks to the Beta testers and Proofreaders who helped us with this issue. Without their assistance there would not be a services, friendly alliances, and others set up to collect and Hakin9 magazine.
    [Show full text]
  • The Hacking Bible
    THE HACKING BIBLE: The Dark secrets of the hacking world: How you can become a Hacking Monster, Undetected and in the best way By Kevin James © Copyright 2015 by WE CANT BE BEAT LLC Table of Contents CHAPTER 1: INTRODUCTION What Hacking is all About The History of hacking Best Hackers of All Time CHAPTER 2: HOW TO BECOME A HACKER A Hackers Style General Hacking Skills Why Do People Hack? CHAPTER 3: TYPES OF HACKING Website Hacking Ethical Hacking Network Hacking Email Hacking Password Hacking Computer Hacking Online Banking Hacking CHAPTER 4: HACKING AND NON-HACKING Hackers and the Law How do Hackers Affect Our Lives How to Know if You’re Hacked How to protect Yourself From Hacking CHAPTER 5: ADVANTAGES AND DISADVANTAGES OF BEING A HACKER CHAPTER 6: HACKING TO CHANGE THE WORLD POSITIVELY An Anonym Hacker Who Could Save the World (based on real case) CHAPTER 7: HACKING TIPS AND TRICKS CONCLUSION Hack Ethically CHAPTER 1: INTRODUCTION What Hacking is all About WWW, and that’s how a new world begins… It’s World Wide Web, a world that is created by humans and where in the 21st century, the century of technology most of the people are more present in the World Wide Web living their lives there and quitting the real life due to the advantages that World Wide Web is offering them almost for free. Technology is a science of an ensemble of methods, processes and operations that are used in order to obtain a product or a result and as Francis Bacon says, knowledge is already power and technology is knowledge so technology is the biggest power of
    [Show full text]
  • On Cross-Site Scripting, Fallback Authentication and Privacy Im Web Applications
    On Cross-Site Scripting, Fallback Authentication and Privacy in Web Applications Ashar Javed (Place of birth: Bahawalpur (Pakistan)) [email protected] 13th November 2015 Ruhr-University Bochum Horst G¨ortzInstitute for IT-Security Chair for Network and Data Security Dissertation zur Erlangung des Grades eines Doktor-Ingenieurs der Fakult¨atf¨urElektrotechnik und Informationstechnik an der Ruhr-Universit¨atBochum Submission Date: 09-04-2015 Oral Exam Date: 08-07-2015 First Supervisor: Prof. Dr. rer. nat. J¨orgSchwenk Second Supervisor: Prof. Dr. rer. nat. Joachim Posegga www.nds.rub.de Contents 1 Introduction 15 1.1 Cross-Site Scripting ......................... 15 1.1.1 Facts and Figures ...................... 15 1.2 Account Recovery .......................... 16 1.2.1 Facts and Figures ...................... 16 1.3 Third-Party Tracking......................... 17 1.4 Motivation .............................. 17 1.5 Organization of Thesis........................ 18 2 Fundamentals 21 2.1 Web Application ........................... 21 2.2 Hypertext Transfer Protocol (HTTP) ............... 21 2.2.1 Types of an HTTP Requests ................ 24 2.3 Uniform Resource Locator (URL).................. 24 2.4 Same-Origin Policy.......................... 26 2.4.1 Same-Origin Policy for JavaScript By Example . 26 2.5 Content Injection Attack....................... 27 2.6 Cross-Site Scripting ......................... 28 2.6.1 Reflected XSS......................... 29 2.6.2 Stored XSS.......................... 31 2.6.3 Self-XSS............................ 32 2.7 Cookie Theft ............................. 32 2.7.1 XSS Exploitation | Exemplified at Cookie Theft . 33 2.8 Common XSS Mitigation Approaches ............... 34 2.8.1 Input Filtering........................ 35 2.8.2 Output Encoding....................... 36 2.8.3 Security Policy........................ 37 2.9 Fallback Authentication....................... 38 2.10 Privacy ...............................
    [Show full text]
  • Hacking Cloud Security
    05/2011 (41) PRACTICAL PROTECTION IT SECURITY MAGAZINE Dear Readers, The internet does not belong to one country or region. Therefore, international collaboration is a key area of focus and we need to continue to work with partners around the team globe in support of our cybersecurity goals.(Howard A. Schmidt). And that’s exactly why we devoted this issue to Editor in Chief: Karolina Lesińska cloud computing security. Because of the growing popularity [email protected] of cloud computing solutions and its future development, the risks associated to working with cloud are also growing. Editorial Advisory Board: Matt Jonkman, Rebecca Wynn, Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt In this issue you will find several articles on cloud that deserve your attention: An Analysis of the Cloud Security DTP: Ireneusz Pogroszewski Art Director: Ireneusz Pogroszewski Threat by Julian Evans, Cloud Computing Legal Framework [email protected] and Privacy by Rebecca Wynn and Cloud Security: Is the Proofreaders: Justin Farmer, Michael Munt Sky Falling Already? by Gary S. Miliefsky. I strongly advise you to read them and I am sure you will find lots of useful Top Betatesters: Rebecca Wynn, Bob Folden, Shayne Cardwell, information there. We have also included some experts views Simon Carollo, Graham Hili. in the topic of cloud for those of you who are looking for more Special Thanks to the Beta testers and Proofreaders who helped enterprise oriented content. us with this issue. Without their assistance there would not be a Hakin9 magazine. Also, I would like you to meet Patrycja who will be the new Senior Consultant/Publisher: Paweł Marciniak editor of Hakin9.
    [Show full text]