Contents
Preface xi
Acknowledgments xiii
Authors xv
Conventions xix
Chapter 1 Introduction to the Android Operating System and Threats 1
Android Development Tools 2
Risky Apps 3
Looking Closer at Android Apps 5
Chapter 2 Malware Threats, Hoaxes, and Taxonomy 7
2010 7
FakePlayer 7
DroidSMS 8
FakeInst 8
TapSnake 8
SMSReplicator 9
Geinimi 9
2011 10
ADRD 10
Pjapps 11
BgServ 11
DroidDream 11
Walkinwat 12
zHash 13
DroidDreamLight 13
Zsone 14
BaseBridge 14
DroidKungFu1 15
GGTracker 16
jSMSHider 16
Plankton 17
GoldDream 18
DroidKungFu2 18
GamblerSMS 19
HippoSMS 19
LoveTrap 19
Nickyspy 20
SndApps 20
Zitmo 21
DogWars 21
DroidKungFu3 22
GingerMaster 22
AnserverBot 23
DroidCoupon 23
Spitmo 24
JiFake 24
Batterydoctor 24
2012 25
AirPush 25
Boxer 25
Gappusin 26
Leadbolt 26
Adwo 26
Counterclank 27
SMSZombie 27
NotCompatible 27
Bmaster 27
LuckyCat 28
DrSheep 28
2013 28
GGSmart 28
Defender 29
Qadars 29
MisoSMS 29
FakeRun 30
TechnoReaper 30
BadNews 31
Obad 31
2014 32
DriveGenie 32
Torec 32
OldBoot 33
DroidPack 33
Chapter 3 Open Source Tools 35
Locating and Downloading Android Packages 36
Vulnerability Research for Android OS 37
Antivirus Scans 37
Static Analysis 38
Linux File Command 38
Unzip the APK 38
Strings 39
Keytool Key and Certificate Management Utility 39
DexID 39
DARE 40
Dex2Jar 40
JD-GUI 41
JAD 41
APKTool 41
AndroWarn 41
Dexter 42
Visualreat 43
Sandbox Analysis 43
AndroTotal 45
APKScan 45
Mobile Malware Sandbox 45
Mobile Sandbox 45
Emulation Analysis 45
Eclipse 45
DroidBox 46
AppsPlayground 46
Native Analysis 46
Logcat 46
Traceview and Dmtracedump 46
Tcpdump 47
Reverse Engineering 47
Androguard 47
AndroidAuditTools 48
Smali/Baksmali 48
AndBug 48
Memory Analysis 48
LiME 49
Memfetch 49
Volatility for Android 49
Volatilitux 49
Chapter 4 Static Analysis 51
Collections: Where to Find Apps for Analysis 52
Google Play Marketplace 52
Marketplace Mirrors and Cache 53
Contagio Mobile 53
Advanced Internet Queries 53
Private Groups and Rampart Research Inc. 53
Android Malware Genome Project 54
File Data 54
Cryptographic Hash Types and Queries 55
Other Metadata 56
Antivirus Scans and Aliases 57
Unzipping an APK 57
Common Elements of an Unpacked APK File 57
Certificate Information 58
Permissions 59
Strings 60
Other Content of Interest within an APK 61
Creating a JAR File 62
Visualreat Modeling 62
Automation 62
(Fictional) Case Study 63
Chapter 5 Android Malware Evolution 71
Chapter 6 Android Malware Trends and Reversing Tactics 77
Chapter 7 Behavioral Analysis 91
Introduction to AVD and Eclipse 91
Downloading and Installing the ADT Bundle 92
The Software Development Kit Manager 93
Choosing an Android Platform 94
Processor Emulation 95
Choosing a Processor 95
Using HAXM 95
Configuring Emulated Devices within AVD 96
Location of Emulator Files 99
Default Image Files 100
Runtime Images: User Data and SD Card 100
Temporary Images 100
Setting Up an Emulator for Testing 101
Controlling Malicious Samples in an Emulated Environment 102
Additional Networking in Emulators 102
Using the ADB Tool 103
Using the Emulator Console 103
Applications for Analysis 104
Capabilities and Limitations of the Emulators 105
Preserving Data and Settings on Emulators 105
Setting Up a Physical Device for Testing 106
Limitations and Capabilities of Physical Devices 108
Network Architecture for Sniffing in a Physical Environment 109
Applications for Analysis 110
Installing Samples to Devices and Emulators 111
Application Storage and Data Locations 112
Getting Samples O Devices 112
e Eclipse DDMS Perspective 113
Devices View 113
Network Statistics 116
File Explorer 116
Emulator Control 117
System Information 117
LogCat View 117
Filtering LogCat Output 117
Application Tracing 118
Analysis of Results 118
Data Wiping Method 122
Application Tracing on a Physical Device 122
Imaging the Device 124
Other Items of Interest 126
Using Google Services Accounts 126
Sending SMS Messages 126
Getting Apps from Google Play 127
Working with Databases 127
Conclusion 128
Chapter 8 Building Your Own Sandbox 129
Static Analysis 130
Dynamic Analysis 131
Working Terminology for an Android Sandbox 131
Android Internals Overview 131
Android Architecture 132
Applications 133
Applications Framework 133
Libraries 134
Android Runtime 135
The Android Kernel 139
Build Your Own Sandbox 144
Tools for Static Analysis 144
Androguard 144
Radare2 146
Dex2Jar and JD-GUI 147
APKInspector 148
Keytool 148
Tools for Dynamic Analysis 149
TaintDroid 149
DroidBox 150
DECAF 151
TraceDroid Analysis Platform 151
Volatility Framework 152