Almost all mobile apps are designed to run natively on our mobile phones without the need to add any virtualization software. The underlining OS handles resources and the necessary infrastructure to run apps securely. In Android, every app is assigned a unique UID upon process initialization providing it an isolated view of the system and protection not to interfere with other apps and data.
- Aug 18, 2020...more
- Jul 4, 2019...more
Two weeks ago I had a hunch that some Malwares were being distributed through phishing URLs/links. The process involves analyzing phishing feeds from known sources (openphish/phishtank) and loading them up on headless chrome to see if I can find APK/IPA link or official store links that might be affiliated to the attackers.
- Jun 1, 2018...more
Malware analysis has always been a game of who knows what. A typical vendor will analyze a given sample and try to predict whether its harmful or not. Vendors will try to accumulate threat data from various sources to strength their ability to make high accurate predictions. These include, collecting malware samples, deploying honeypot to lure attackers in, etc. This will help them build the following
- Signature/hash database - Collection of known samples. Some companies go even further by using tools like ssdeep (https://ssdeep-project.github.io/ssdeep/index.html). This will help detect malware derivatives of known samples.
- Machine learning models - sophisticated models to predict an unknown sample.
- May 14, 2018...more
Drop in your mobile app for static analysis. We will perform automated analysis to extract detailed information. App Signer information, permission usage, method calls, third party libraries and others.
Create your own yara rules to see if an app binary matches your defined patterns. Or select other rules prepared by hackers, penentration testers and security specialists.
Hundreds of yara rules to catch
- Fake apps
- & APT sources