Android Malware and Analysis

By: Tim Strazzere (author), Manu Quintans (author), Shane Hartman (author), Ken Dunham (author), Jose Andre Morales (author)
Hardback


£42.74 RRP £44.99  You save £2.25 (5%) With FREE Saver Delivery


The rapid growth of Android-based devices has put a wealth of sensitive information on mobile devices that offer minimal malware protection. This has created an immediate need for security professionals who understand how to approach Android malware threats and their analysis. In Android Malware and Analysis, Ken Dunham, renowned global malware expert and author, teams up with international experts to document the best tools and tactics available for analyzing Android malware.

The book covers both methods of malware analysis: dynamic and static. It shows you how to use dynamic analysis to observe the behavior of an application as it executes on the system, and how to apply static analysis to take the application apart with reverse engineering tools and techniques and recover the code and algorithms it uses. The book presents the insights of experts in the field who have already sized up the best tools, tactics, and procedures for recognizing and analyzing Android malware threats quickly and effectively.

You also get access to an online library of tools that supplies what you will need to begin your own analysis of Android malware threats. Tools available on the book's site include updated information, tutorials, code, scripts, and author assistance; a private forum is also available to first-time owners of the book.

This is not a book on the Android OS, fuzz testing, or social engineering. Instead, it is about the best ways to analyze and tear apart Android malware threats. After reading the book, you will be able to immediately implement the tools and tactics covered to identify and analyze the latest evolution of Android threats.

About Author

Ken Dunham has nearly two decades of experience on the front lines of information security. He currently works as a principal incident intelligence engineer for iSIGHT Partners and as CEO of the nonprofit Rampart Research, which he founded and which meets the needs of over 1,000 cybersecurity experts globally. Dunham regularly briefs top-level executives and officials in Fortune 500 companies and manages major newsworthy incidents globally. Formerly, he led training efforts as a contractor for the U.S. Air Force for the U-2 reconnaissance, Warthog fighter, and Predator (UAV) programs. Concurrently, he authored leading Web sites, freeware antivirus software, and other software, and has taught at multiple levels on a diverse range of topics. Dunham is the author of multiple books, is a regular columnist, and has authored thousands of incident and threat reports over the past two decades. He holds a master's in teacher education and several certifications: CISSP, GCFA Gold (forensics), GCIH Gold (Honors) (incident handling), GSEC (network security), GREM Gold (reverse engineering), and GCIA (intrusion detection). He is also the founder and former president of Idaho InfraGard and Boise ISSA, a member of multiple security organizations globally, and a former WildList Organization reporter. In 2014, Dunham was awarded ISSA International Distinguished Fellow status.

Shane Hartman, CISSP, GREM, is a malware engineer at iSIGHT Partners, focusing on the analysis and characteristics of malicious code. He has been in the information technology field for 20 years, covering a wide variety of areas including network engineering and security. He is also a frequent speaker at local security events and teaches security courses at the University of South Florida. Hartman holds a master's degree in digital forensics from the University of Central Florida.

Jose Morales has been a researcher in cybersecurity since 1998, focusing on behavior-based malware analysis and detection and on suspicion assessment theory and implementation. He received his Ph.D. in computer science in 2008 from Florida International University and completed a postdoctoral fellowship at the Institute for Cyber Security at the University of Texas at San Antonio. He is a senior member of the Association for Computing Machinery (ACM) and of IEEE.

Manu Quintans is a malware researcher who has long been involved in the malware research community as a collaborator with groups such as Malware Intelligence, developing expertise in the disciplines of malware research and response. He currently works as an intelligence manager for a Big Four firm, tracking malware campaigns and supporting incident response teams in the Middle East. He also chairs a nonprofit organization dedicated to the study of new online threats, which assists organizations and computer emergency response teams (CERTs) in combating such threats.

Tim Strazzere is a lead research and response engineer at Lookout Mobile Security. Along with writing security software, he specializes in reverse engineering and malware analysis. Past projects include reversing the Android Market protocol, writing Dalvik decompilers, and memory manipulation on mobile devices. His past speaking engagements include DEFCON, BlackHat, SyScan, HITCON, and EICAR.


Contents

  • Introduction to the Android Operating System and Threats: Android Development Tools; Risky Apps; Looking Closer at Android Apps
  • Malware Threats, Hoaxes, and Taxonomy
    • 2010: FakePlayer, DroidSMS, FakeInst, TapSnake, SMSReplicator, Geinimi
    • 2011: ADRD, Pjapps, BgServ, DroidDream, Walkinwat, zHash, DroidDreamLight, Zsone, BaseBridge, DroidKungFu, GGTracker, jSMSHider, Plankton, GoldDream, DroidKungFu2, GamblerSMS, HippoSMS, LoveTrap, Nickyspy, SndApps, Zitmo, DogWars, DroidKungFu3, GingerMaster, AnserverBot, DroidCoupon, Spitmo, JiFake, Batterydoctor
    • 2012: AirPush, Boxer, Gappusin, Leadbolt, Adwo, Counterclank, SMSZombie, NotCompatible, Bmaster, LuckyCat, DrSheep
    • 2013: GGSmart, Defender, Qadars, MisoSMS, FakeRun, TechnoReaper, BadNews, Obad
    • 2014: DriveGenie, Torec, OldBoot, DroidPack
  • Open Source Tools: Locating and Downloading Android Packages; Vulnerability Research for Android OS; Antivirus Scans
    • Static Analysis: Linux File Command, Unzip the APK, Strings, Keytool Key and Certificate Management Utility, DexID, DARE, Dex2Jar, JD-GUI, JAD, APKTool, AndroWarn, Dexter, VisualThreat
    • Sandbox Analysis: AndroTotal, APKScan, Mobile Malware Sandbox, Mobile Sandbox
    • Emulation Analysis: Eclipse, DroidBox, AppsPlayground
    • Native Analysis: Logcat, Traceview and Dmtracedump, Tcpdump
    • Reverse Engineering: Androguard, AndroidAuditTools, Smali/Baksmali, AndBug
    • Memory Analysis: LiME, Memfetch, Volatility for Android, Volatilitux
  • Static Analysis
    • Collections: Where to Find Apps for Analysis: Google Play Marketplace, Marketplace Mirrors and Cache, Contagio Mobile, Advanced Internet Queries, Private Groups and Rampart Research Inc., Android Malware Genome Project
    • File Data: Cryptographic Hash Types and Queries, Other Metadata, Antivirus Scans and Aliases
    • Unzipping an APK: Common Elements of an Unpacked APK File, Certificate Information, Permissions, Strings, Other Content of Interest within an APK
    • Creating a JAR File; VisualThreat Modeling; Automation; (Fictional) Case Study
  • Android Malware Evolution
  • Android Malware Trends and Reversing Tactics
  • Behavioral Analysis
    • Introduction to AVD and Eclipse: Downloading and Installing the ADT Bundle, The Software Development Kit Manager, Choosing an Android Platform, Choosing a Processor, Using HAXM, Configuring Emulated Devices within AVD, Location of Emulator Files, Default Image Files, Runtime Images: User Data and SD Card, Temporary Images
    • Setting Up an Emulator for Testing: Controlling Malicious Samples in an Emulated Environment, Additional Networking in Emulators, Using the ADB Tool, Using the Emulator Console, Applications for Analysis, Capabilities and Limitations of the Emulators, Preserving Data and Settings on Emulators
    • Setting Up a Physical Device for Testing: Limitations and Capabilities of Physical Devices, Network Architecture for Sniffing in a Physical Environment, Applications for Analysis
    • Installing Samples to Devices and Emulators: Application Storage and Data Locations, Getting Samples Off Devices
    • The Eclipse DDMS Perspective: Devices View, Network Statistics, File Explorer, Emulator Control, System Information, LogCat View, Filtering LogCat Output
    • Application Tracing: Analysis of Results, Data Wiping Method, Application Tracing on a Physical Device
    • Imaging the Device
    • Other Items of Interest: Using Google Services Accounts, Sending SMS Messages, Getting Apps from Google Play, Working with Databases
    • Conclusion
  • Building Your Own Sandbox: Static Analysis; Dynamic Analysis; Working Terminology for an Android Sandbox
    • Android Internals Overview: Android Architecture, Applications, Applications Framework, Libraries, Android Runtime, The Android Kernel
    • Build Your Own Sandbox: Tools for Static Analysis (Androguard, Radare2, Dex2Jar and JD-GUI, APKInspector, Keytool); Tools for Dynamic Analysis (TaintDroid, DroidBox, DECAF, TraceDroid Analysis Platform, Volatility Framework)
    • Sandbox Lab (Codename AMA): Architecture, Host Requirements, Operating System Configuration, Running Sandbox, What Happens When You Upload Malware Samples, from a Dynamic Analysis Point of View
    • Conclusions about AMA
  • Case Study Examples
    • Usbcleaver: Checkpoint Static Analysis, Checkpoint Dynamic Analysis, Launch of the APK, Summary
    • Torec
  • Bibliography
  • Index
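The static triage steps named in the outline above (hash the file, unzip it, look at the common elements of an unpacked APK, read its permissions, and extract strings) carried out in Python, as an added example that is not code from the book or its companion site. The APK it inspects is constructed inline so the script runs offline; its manifest is plain-text XML, whereas a real APK's AndroidManifest.xml is compiled binary XML (AXML) that apktool or androguard must decode before a permission regex will match. The permission watchlist, the package name, the strings embedded in the stand-in classes.dex, and the 198.51.100.7 address are all invented for the example.

```python
"""Static triage of an APK: hashes, unpacked elements, signature files,
manifest permissions, and printable strings from classes.dex.

Added example; the sample APK below is constructed, not a real malware sample.
"""
import hashlib
import io
import re
import zipfile

# Constructed plain-text manifest (a real APK carries binary AXML here).
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mediaplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Media Player"/>
</manifest>
"""

# Constructed classes.dex stand-in: the genuine dex magic ("dex\n035\0"), filler,
# then strings an analyst would want surfaced (an SMS API name, a C2 URL on a
# documentation-only address, a short code). Not a valid dex file beyond the magic.
SAMPLE_DEX = (
    b"dex\n035\x00" + b"\x00" * 32
    + b"sendTextMessage\x00"
    + b"http://198.51.100.7/cmd\x00"
    + b"\x01\x02" + b"3353\x00"
)

DEX_MAGIC = b"dex\n"

# Assumed watchlist of permissions that merit a closer look in a media-player app.
WATCHLIST = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.INSTALL_PACKAGES",
}

_PERM_RE = re.compile(rb'<uses-permission\s+android:name="([^"]+)"')


def build_sample_apk() -> bytes:
    """Assemble the constructed APK (an APK is an ordinary zip) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", SAMPLE_MANIFEST)
        z.writestr("classes.dex", SAMPLE_DEX)
        z.writestr("resources.arsc", b"\x02\x00\x0c\x00")
        z.writestr("res/layout/main.xml", b"<LinearLayout/>")
        z.writestr("lib/armeabi/libhelper.so", b"\x7fELF")
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", b"\x30\x82")  # placeholder PKCS#7 blob
    return buf.getvalue()


def file_hashes(apk: bytes) -> dict:
    """Hashes used to query AV aliases and sample collections."""
    return {n: hashlib.new(n, apk).hexdigest() for n in ("md5", "sha1", "sha256")}


def unpack(apk: bytes) -> dict:
    """Unzip the APK into {entry name: bytes}, preserving archive order."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return {i.filename: z.read(i.filename) for i in z.infolist()}


def classify_entries(names) -> dict:
    """Sort entries into the common elements of an unpacked APK."""
    r = {"manifest": [], "dex": [], "signature": [], "native": [], "resources": [], "other": []}
    for n in names:
        if n == "AndroidManifest.xml":
            r["manifest"].append(n)
        elif n.endswith(".dex"):
            r["dex"].append(n)
        elif n.startswith("META-INF/"):
            r["signature"].append(n)
        elif n.startswith("lib/") and n.endswith(".so"):
            r["native"].append(n)
        elif n == "resources.arsc" or n.startswith("res/"):
            r["resources"].append(n)
        else:
            r["other"].append(n)
    return r


def manifest_permissions(manifest: bytes) -> list:
    """Permissions from a plain-text manifest; decode AXML first on real samples."""
    return [m.decode() for m in _PERM_RE.findall(manifest)]


def risky_permissions(perms) -> list:
    return sorted(set(perms) & WATCHLIST)


def has_dex_magic(dex: bytes) -> bool:
    """Cheap sanity check that classes.dex really is a dex file (magic + version)."""
    return len(dex) >= 8 and dex.startswith(DEX_MAGIC)


def printable_strings(blob: bytes, min_len: int = 4) -> list:
    """Equivalent of `strings -n min_len` over a byte blob."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def triage(apk: bytes) -> dict:
    entries = unpack(apk)
    classes = classify_entries(list(entries))
    perms = manifest_permissions(entries.get("AndroidManifest.xml", b""))
    dex = entries.get("classes.dex", b"")
    return {
        "hashes": file_hashes(apk),
        "entries": classes,
        # v1 signing leaves a CERT.RSA/.DSA/.EC block under META-INF/.
        "signed": any(n.endswith((".RSA", ".DSA", ".EC")) for n in classes["signature"]),
        "permissions": perms,
        "risky_permissions": risky_permissions(perms),
        "dex_magic_ok": has_dex_magic(dex),
        "dex_strings": printable_strings(dex),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_apk()), indent=2))
```

On a real sample, replace `build_sample_apk()` with the bytes of the APK under analysis and run the manifest through apktool or androguard before looking for permissions; the hashing, unpacking, signature-file and strings steps work unchanged. The watchlist is a starting point for a media-player app, not a general rule: SEND_SMS is ordinary in a messaging app.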

Product Details

  • ISBN13: 9781482252194
  • Format: Hardback
  • Number Of Pages: 242
  • ID: 9781482252194
  • Weight: 567 g
  • ISBN10: 1482252198

Delivery Information

  • Saver Delivery: Yes
  • 1st Class Delivery: Yes
  • Courier Delivery: Yes
  • Store Delivery: Yes

Prices are for internet purchases only. Prices and availability in WHSmith Stores may vary significantly