Forensic Analysis on Joker Family Android Malware

Conference/Workshop:
17th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
Published: 2021
Primary Author: Chen Shi
Secondary Authors: Chris Chao-Chun, Yong Guan
Research Area: Digital

Android is the most popular operating system among mobile devices, and malware explicitly targeting Android is rapidly growing and spreading across the mobile ecosystem. In this paper, we propose a hybrid analysis of Android malware to retrieve evidential data, generated from or accessed by such mobile malware, which can be adopted as critical evidence for civil and criminal cases. We target Android malware from the Joker Family: we collected and analyzed 62 recently discovered malicious apps and found that 11 apps access and store the user’s location information, 17 apps track the user’s SMS text messages, and 58 apps send the user’s personal information to remote servers. Our proposed approach found that evidence data, including location, timestamp, and IP address, can still be identified from the local file system and logging system. Our main contribution in this research is to provide an effective forensic analysis report on Android malware that can extract critical evidence from the local file systems as well as system logs.

Related Resources

LibDroid: Summarizing information flow of Android Native Libraries via Static Analysis

With advancements in technology, people are taking advantage of mobile devices to access e-mails, search the web, and video chat. Therefore, extracting evidence from mobile phones is an important component…
Evaluating Reference Sets for Score-Based Likelihood Ratios for Camera Device Identification

An investigator wants to know if an illicit image captured by an unknown camera was taken by a person of interest’s (POI’s) phone. Score-based likelihood ratios (SLRs) have been used…
Likelihood Ratios for Categorical Evidence with Applications to Digital Forensics

In forensic investigations, the goal of evidence evaluation is often to address source-/identity-based questions in which the evidence consists of two sets of observations: one from an unknown source tied…
Automatic Detection of Android Steganography Apps via Symbolic Execution and Tree Matching

The recent focus of cyber security on automated detection of malware for Android apps has omitted the study of some apps used for “legitimate” purposes, such as steganography apps. Mobile…