Learn Cyber Security

Android.Bankun And Other Android Obfuscation Tactics: A New Malware Era There’s one variant of Android.Bankun that is particularly interesting to me. When you look at the manifest it doesn’t have even one permission. Even the most simple apps have at least internet permissions. Having no permissions isn’t a red flag for being malicious though. In fact, it may even make you lean towards it being legitimate. However, there is one thing that gives Android.Bankun a red flag though. The package name of com.google.bankun instantly makes me think something is fishy. To the average user the word‚ Google’ is seen as a word to be trusted. This is especially true when it comes to the Android operating system which is of course created by the search engine giant. Malware authors now this and heavily use it to disguise their malicious intent. Mobile threat researchers like myself also know this and end up looking twice whenever we see ‚Google’ being used. Diving into the code, we see a sim...

Advanced Malware Detection using Memory Forensics Memory Forensics is the analysis of the memory image taken from the running computer. In this article, we will learn how to use Memory Forensic Toolkits such as Volatility to analyze the memory artifacts with practical real life forensics scenarios. Memory forensics plays an important role in investigations and incident response. It can help in extracting forensics artifacts from a computer’s memory like running process, network connections, loaded modules etc. It can also help in unpacking, rootkit detection and reverse engineering. Steps in memory Forensics Below are the list of steps involved in memory forensics. Memory Acquisition This step involves dumping the memory of the target machine. On the physical machine you can use tools like Win32dd/Win64dd, Memoryze, DumpIt, FastDump. Whereas on the virtual machine, acquiring the memory image is easy, you can do it by suspending the VM and grabbing the “.vmem” file. Me...