The objective of the master's thesis is to comprehensively present the field of analysis and functioning of malicious mobile applications, their technical functionalities, and the malicious methodologies employed. The first chapter of the thesis provides a theoretical overview of the architecture of the Android operating system, including both its built-in and additionally implemented security mechanisms. Subsequently, the thesis describes the most commonly represented types of malicious mobile applications, highlights the key components of malicious code in real-world samples, and lists possible infection vectors in a separate chapter. Building on the findings of the previous chapters, the thesis continues by presenting the technical operation of various malicious applications, both generally and through the technical analysis of numerous real-world samples of malicious software. The following chapter discusses covert operation techniques, which include the description of packers, droppers, malformed file formats, and the persistence mechanisms of malicious mobile applications. Given the significance and prevalence of applications designed to steal user data and financial resources, the thesis dedicates a separate chapter to this subgroup. After a general introduction to the field, the chapter provides a detailed static and dynamic analysis of a malicious mobile application from the CherryBlos family, aimed at financial theft. The most extensive chapter of the thesis addresses the technical functionalities of applications that incorporate native libraries and includes a technical analysis of two native packers. The second of the two is used to protect a malicious application from the CherryBlos family, which is described in the previous chapter. The final chapter presents the communication of malicious applications with the command and control server along with their dynamic analysis using a self-implemented server in an isolated environment. Each chapter presents the reader with the dangers of malicious mobile applications, their technical functioning, and methods for their analysis using reverse engineering techniques. Each chapter includes a general theoretical explanation supported by a technical analysis of representative malicious samples. The results of the research conducted for this master's thesis are the findings of the technical analyses, which utilize reverse engineering techniques to explain, demonstrate, and prove the malicious nature of all examined samples. All analyzed samples were part of real campaigns and are, in most cases, associated with criminal activities involving financial theft. The author does not encourage, support, or approve the development, use, or distribution of the analyzed applications. Nor does the author approve of utilizing the presented analysis techniques and reverse engineering for malicious purposes. The applications, methodologies of operation, and tools presented in this thesis are intended solely for educational and research purposes to understand and address malicious software analysis.