Two weeks ago I had a hunch that some Malwares were being distributed through phishing URLs/links. The process involves analyzing phishing feeds from known sources (openphish/phishtank) and loading them up on headless chrome to see if I can find APK/IPA link or official store links that might be affiliated to the attackers.

Malware analysis has always been a game of who knows what. A typical vendor will analyze a given sample and try to predict whether its harmful or not. Vendors will try to accumulate threat data from various sources to strength their ability to make high accurate predictions. These include, collecting malware samples, deploying honeypot to lure attackers in, etc. This will help them build the following

1. Signature/hash database - Collection of known samples. Some companies go even further by using tools like ssdeep (https://ssdeep-project.github.io/ssdeep/index.html). This will help detect malware derivates of known samples.
2. Machine learning models - sophisticated models to predict an unknown sample.

Static Analysis

Drop in your mobile app for static analysis. We will perform automated analysis to extract detailed information. App Signer information, permission usage, method calls, third party libraries and others.

Matching Yara Rules

Create your own yara rules to see if an app binary matches your defined patterns. Or select other rules prepared by hackers, penentration testers and security specialists.

Hundreds of yara rules to catch

1. Fake apps
2. Malwares
3. & APT sources