As part of the Techno Security/Mobile Forensics Conference this year @Celldet did a presentation of Android Malware. The 50 minute condensed soon-to-be-MFI one day training course @Celldet explained this presso was going to be a “teaser”. The session covered a little Android overview of operation versions from the dessert family. With names like GingerBread and Ice Cream Sandwich who could go wrong. With Androids quasi JIT (Just in Time) type of application debugging and application available code in the application packages or APK files the attendees received an overview of how these packages interact in the sandboxed world of an Android device.
@Celldet moved into the proliferation of malware typically exacerbated by the delivery mechanism; aka Google Play and other third party application distribution points. The malware typically encountered can steal and transmit the device information to include IMEI numbers, contacts and much more; the primary motivation is monetary gain by selling the information obtained, targeting advertising and bot nets.
The most talked about portion of the talk-lab was when the attendees were exposed to the two methods of Malware examination, static and dynamic. Attendees were introduced to free tools that allowed them to step through android apk code to uncover permissions that might not necessarily be permissions typically seen in a “gaming” application. Permissions like “this SMS service will cost you” when the application is installed is Cut The Rope.
The pinnacle moment came when attendees watched as an actual android running a 2.2 version of Android was compromised unknowingly by playing a fun game. Looking at the captured logs of TCP traffic after playing the game on the android device showed the device was contacting and sending information to a server in the country of China. And the crowd goes wild.
As @Celldet likes to say “That’s what Iam talking about….”
