In 2015 our Mobile-Sandbox analyzed only 25,000 Android applications that were submitted by mostly anonymous users, Anti-Virus-Companies and by our own. In the same time we had a large outage of the system (more than 4 months) due to some hardware defects and missing free time to get the system running again (I still hope to get it available for the public by end of this month). Most of these malicious applications had been downloaded from Third-Party markets and from potentially infected mobile devices. When looking at the malicious and unwanted applications and the corresponding families, one can see the following distribution of malicious behavior:
After nearly half a year I found some time today to update the mobile malware overviews for iOS and Android. I hope that I did catch everything that came up in the meantime, if not, please let me know which malware family is missing in the overviews.
Beginning of 2015 PackPub came to Johann and me and ask us if we would like to write a book about Python-based forensic investigations. The idea of writing a book was really interesting for both of us, so we started to work on an agenda and outline. After several discussions with the publisher we created an outline that was acceptable for all of us and less than a year later (since October 2015) the book is available on Amazon and PackPub.
Reversing Android applications is something I'm doing very regularly. Thus, I thought writing some small and simple step by step guides for available tools could be helpful for the community, especially for people that are just starting to work on this topic. Today I will start with Androguard, but I hope that there will be enough time in the future to continue those guides for other tools.
The posts about how to break the screen lock are very frequently visited. This is why I thought it's time to give you a short update and provide you with a Python script, that can do most of the attack in an automated way.