This is Deeperent: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware

by Yeongung Park, Jun Young Choi
Sept. 19, 2017 | Black Hat | belen_caty

In this talk, we will introduce a powerful new tracking tool and method for monitoring the behaviors of evasive Android malware without OS modification. We used a different concept to analyze Android applications quickly and deeply. The tool can track all the methods you want to monitor, such as user-defined classes/methods, third-party libraries, and Java/Android APIs. Furthermore, the tool can monitor native-level functions, such as JNI (Java Native Interface), functions in libc, and Binder, on a nothing-changed phone. We are going to present the base techniques for the implementation and demonstrate how to analyze very complicated, evasive, and advanced Android malware.