Android is the most popular operating system among mobile devices and the malware targeted explicitly for Android is rapidly growing and spreading across the mobile ecosystem. In this paper, we propose a hybrid analysis of Android malware to retrieve evidential data, generated from or accessed by such mobile malware, which can be adopted as critical evidence for civil and criminal cases. We target on Android malware from Joker Family where we collected and analyzed 62 recently discovered malicious apps, we found that: 11 apps access and store user’s location information, 17 apps track user’s SMS text messages and 58 apps send out user personal information to remote servers. Our proposed approach found that, evidence data including location, timestamp, IP address are still able to be identified from the local file system and logging system. Our main contribution in this research is to provide an effective forensic analysis report on Android malware that can extract critical evidence from the local file systems as well as system logs.
Forensic Analysis on Joker Family Android Malware
Conference/Workshop:
17th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
17th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
Published: 2021
Primary Author: Chen Shi
Secondary Authors: Chris Chao-Chun, Yong Guan
Type: Publication
Research Area: Digital
Related Resources
Source Camera Identification with Multi-Camera Smartphones
An overview of source camera identification on multi-camera smartphones, and introduction to the new CSAFE multi-camera smartphone image database, and a summary of recent results on the iPhone 14 Pro’s.
An Anti-Fuzzing Approach for Android Apps
One of significant mobile app forensic analysis problems is the app evidence extraction from the device. Given the fact that mobile apps could generate more than 19K files in a…
Forensic Analysis of Android Cryptocurrency Wallet Applications
Crypto wallet apps that integrate with various block-chains allow the users to make digital currencies transaction with QR codes. According to reports from financesonline [3], there is over 68 million…
Variations and Extensions of Information Leakage Metrics with Applications to Privacy Problems with Imperfect Statistical Information
The conventional information leakage metrics assume that an adversary has complete knowledge of the distribution of the mechanism used to disclose information correlated with the sensitive attributes of a system.…