Blowing the cover: Hands-on analysis of handcrafted Android malware

Cloud, Mobile & IAM Theatre

Wed 26th Sep 01:00 to 01:30

Since the first Android malware was publically reported back in 2010, threat actors and defenders have been playing a continuous game of cat and mouse -- developing their tools, techniques and tactics. While using freely available obfuscators or simply replacing variable names with gibberish are common ways to impede detection and analysis efforts of security researchers, in this talk we will unveil some novel approaches employed by malware authors to conceal their apps’ functionality and stay under the radar. We will cover multiple examples of such techniques, which include storing the payload in a generic, typeless binary file, using a file that looks legitimate, as well as having no visible payload file at all.

What you will take away from this session

  • Obfuscation techniques used by modern Android malware to evade detection
  • Concealment of code in unusual locations
  • Code and data encryption as vehicle to hide malicious payloads
  • Use of steganography in a Click Fraud malware family


Photo Speaker Name Profile
Alex Reshetniak Alex Reshetniak View Profile