The objective of this master's thesis is to give a comprehensive account of malicious mobile applications: how they are analysed, how they function technically, and the malicious techniques they employ. The first chapter provides a theoretical overview of the architecture of the Android operating system, including both its built-in security mechanisms and those added on top of it.
Subsequently, the thesis describes the most prevalent types of malicious mobile applications, highlights the key components of malicious code found in real-world samples, and devotes a separate chapter to the possible infection vectors.
Building on the findings of the previous chapters, the thesis continues by presenting the
technical operation of various malicious applications, both generally and through the technical analysis of numerous real-world samples of malicious software. The following chapter discusses covert operation techniques, which include the description of packers, droppers, malformed file formats, and the persistence mechanisms of malicious mobile applications.
Given the significance and prevalence of applications designed to steal user data and financial resources, the thesis dedicates a separate chapter to this subgroup. After a general introduction to the field, the chapter provides a detailed static and dynamic analysis of a malicious mobile application from the CherryBlos family, aimed at financial theft.
The most extensive chapter of the thesis addresses the technical functionalities of applications that incorporate native libraries and includes a technical analysis of two native packers. The second of the two is used to protect a malicious application from the CherryBlos family, which is described in the previous chapter.
The final chapter presents the communication of malicious applications with their command-and-control (C2) server, together with their dynamic analysis against a self-implemented C2 server in an isolated environment.
Each chapter presents the reader with the dangers posed by malicious mobile applications, their
technical functioning, and methods for analysing them with reverse engineering techniques,
combining a general theoretical explanation with the technical analysis of representative
malicious samples.
The results of the research conducted for this master's thesis are the findings of the
technical analyses, which utilize reverse engineering techniques to explain,
demonstrate, and prove the malicious nature of all examined samples.
All analyzed samples were part of real campaigns and are, in most cases, associated with
criminal activities involving financial theft.
The author does not encourage, support, or approve the development, use, or distribution
of the analyzed applications. Nor does the author approve of utilizing the presented
analysis techniques and reverse engineering for malicious purposes.
The applications, methodologies of operation, and tools presented in this thesis are
intended solely for educational and research purposes to understand and address
malicious software analysis.