{Malandroid} - The Crux of Android Infections

Presented at ToorCon San Diego 14 (2012), Oct. 20, 2012, 11 a.m. (50 minutes)

The Android platform has been plagued by malware for the past several years. Despite all attempts to detect and mitigate malicious applications on Android, malware is still flying under our radar, getting onto our devices, and causing financial and data loss for millions of users every year. Additionally, the malware analysis community largely disagrees on how Android malware should be classified. In this talk, we'll dive into the tactics, tools and procedures used by Android malware today, including several case studies of exceptional malware samples. By analyzing real code used by malware in the wild, we'll be able to show the advancements in Android malware from a design perspective. This analysis will provide details on the evolution of Android malware and on how it has bypassed mitigations and evaded capture so consistently for so long. Additionally, to end the debates about malware analysis and classification on the Android platform, we'll present a logical, structured way to classify all types of Android malware, called the Android Malware Taxonomy. Once we have amassed detailed malware analysis information, we will draw logical conclusions regarding the future of malware on Android.


  • Aditya K Sood
    Aditya K Sood is a senior security practitioner at IOActive and PhD candidate at Michigan State University. He has already worked in the security domain for Armorize, COSEINC and KPMG. His interests include penetration testing, web app security and malware analysis. He has been an active speaker at industry conferences like DEFCON, HackInTheBox, LayerOne, Source, RSA, BruCon, ToorCon, HackerHalted, TRISC, EuSecwest, XCON, Troopers, OWASP AppSec, US-CERT GFIRST and many others. He has authored several papers for various magazines including IEEE, Elsevier, Crosstalk, Virus Bulletin, ISACA, ISSA and HITB. Website: http://www.ioactive.com
