Fingerprinting Android malware packaging process through static analysis to identify their creator

Presented at Hackfest 2017, Nov. 3, 2017, 10 a.m. (Unknown duration)

In this talk, we will look at some elements of Android malware static analysis: what interesting information can be extracted from an APK and what might allow us to distinguish between malware and legitimate apps. Statistics from an effort to analyze >200,000 malware samples will be presented. This will help us understand the current situation and the possible artefacts present in malware samples. Finally (and most importantly), we'll look at some strategies that allow us to cluster malware samples around their origin. That is, how can we tell that two samples are from the same creator, without knowing exactly who that creator is, by fingerprinting the malware packaging process. This project is the result of a collaboration between the cybersecurity R&D lab at Cegep Sainte-Foy and the Canadian Cyber Incident Response Center (Public Safety CCIRC).

Presenters:

  • Francois Gagnon
    François teaches computer science at Cégep Ste-Foy, where he leads the cybersecurity R&D lab. He holds a Ph.D. in computer science (network security) from Carleton University and an M.Sc. in computer science (crypto) from Université Laval. He has worked on several security R&D projects in partnership with private and public sector organizations.
