Skip to content

Forensic Analysis on Joker Family Android Malware

Conference/Workshop:
17th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
Published: 2021
Primary Author: Chen Shi
Secondary Authors: Chris Chao-Chun, Yong Guan
Research Area: Digital

Android is the most popular operating system among mobile devices and the malware targeted explicitly for Android is rapidly growing and spreading across the mobile ecosystem. In this paper, we propose a hybrid analysis of Android malware to retrieve evidential data, generated from or accessed by such mobile malware, which can be adopted as critical evidence for civil and criminal cases. We target on Android malware from Joker Family where we collected and analyzed 62 recently discovered malicious apps, we found that: 11 apps access and store user’s location information, 17 apps track user’s SMS text messages and 58 apps send out user personal information to remote servers. Our proposed approach found that, evidence data including location, timestamp, IP address are still able to be identified from the local file system and logging system. Our main contribution in this research is to provide an effective forensic analysis report on Android malware that can extract critical evidence from the local file systems as well as system logs.

Related Resources

A Response to the Threat of Stegware

A Response to the Threat of Stegware

Stegware refers to software, programs or apps that allow insertion of malware into a digital file, such as an image or video, using steganography techniques. Although it has been in…
A Forensic Analysis of Joker-Enabled Android Malware Apps

A Forensic Analysis of Joker-Enabled Android Malware Apps

This project aims at developing a set of automated Android Malware vetting tools to discover all the malicious behaviors of Android Malwares in the forms of files in the local…
LogExtractor: Extracting Digital Evidence from Android Log Messages via String and Taint Analysis

LogExtractor: Extracting Digital Evidence from Android Log Messages via String and Taint Analysis

Mobile devices are increasingly involved in crimes. Therefore, digital evidence on mobile devices plays a more and more important role in crime investigations. Existing studies have designed tools to identify and/or…
Source-Anchored, Trace-Anchored, and General Match Score-Based Likelihood Ratios for Camera Device Identification

Source-Anchored, Trace-Anchored, and General Match Score-Based Likelihood Ratios for Camera Device Identification

Forensic camera device identification addresses the scenario, where an investigator has two pieces of evidence: a digital image from an unknown camera involved in a crime, such as child pornography,…