VB2018 preview: Unpacking the packed unpacker: reversing an Android anti-analysis library
Posted by Martijn Grooten on Aug 17, 2018
Seven years ago, the first VB conference paper on Android malware looked at what was then a new, but growing trend. Since then both the threat and the research community have grown enormously, and every VB conference since has featured several talks on Android malware. VB2018 is no exception.
One of this year's Android talks will by Maddie Stone, a researcher from the developer of Android itself, Google. Maddie will present her analysis of an anti-analysis library used by thousands of malicious APKs to obfuscate their functionality.
The library, named 'WeddingCake' because of its many layers, uses techniques also commonly seen in Windows malware, from dynamic decryption to attempts to detect being run inside a research environment. Maddie's analysis demonstrates the challenges faced by those researching the still growing threat of Android malware.
For a taste of Maddie's VB2018 talk and paper, take a look at the slides (pdf) of a talk she gave at Black Hat USA last week, in which she focused on the same library.
The library checks for the presence of the Monkey tool commonly run in emulators.
Don't forget to register for VB2018 to guarantee your place in Montreal, where you will also be able to Sophos's Rowland Yu discuss how to perform network analysis of Android malware as well as attend a workshop on Android malware analysis by Fortinet's Axelle Apvrille.
And if you yourself have performed some hot research on Android malware (or any other security topic), note that the call for last-minute papers remains open until 2 September!
At VB2019 in London a group of researchers from the Stratosphere Lab at the Czech Technical University in Prague presented a paper in which they analysed and dissected the cyber espionage activities of an APT group in Latin America through the…
In a paper presented at VB2019 in London, researchers Miriam Cihodariu (Heimdal Security) and Andrei Bogdan Brad (Code4Romania) looked at how surveillance is represented in fiction and how these representations are shaping people's attitudes to…
At VB2019 in London industry veterans Righard Zwienenberg and Eddy Willems took a detailed look at the relationship between past and current cyber threats. Today, we publish both their paper and the recording of their presentation.
Virus Bulletin is recruiting for a person to be the public face of the company
At VB2019 in London, ZEROSPAM researchers Pierre-Luc Vaudry and Olivier Coutu discussed how email clustering could be used to detect malicious Emotet emails that hijacked existing email threads. Today we publish the recording of their presentation.