Research Centre

[SecSea 2020] Medical malware on Android

If you want to jump to specific parts of the video, add ~20 seconds to the following timings, and you should approximately be at the right place:

----------- Intro -----------------------

• 00:00:00 Intro
  
• 00:00:16 Quizz 1
  
• 00:01:05 Nb of malicious Android samples
  
• 00:01:27 Quizz 2 medical moblie malware
  
• 00:03:32 Android Coronavirus malware tracker
  
• 00:05:06 Published report on mobile malware abusing diabetic patients
• 00:09:00 Android Anubis/BankerBot/NautilusBot malware
  

• 00:09:44 Reversing the sample
  
• 00:12:05 Using DroidLysis
  
• 00:14:23 Understanding the packer
  
• 00:24:15 Decrypting filenames
  
• 00:28:39 Load Android emulator
  
• 00:31:54 Unpacking
  
• 00:32:58 Reversing the unpacked DEX
  
• 00:35:33 POSSIBLE END If you've had enough go, skip reverse engineering of unpacked sample and go to 01:05:04
  

• 00:38:42 Decrypting preferences
  
• 00:44:09 Features of the malware
  
• 00:45:06 Request for bitcoins
  
• 00:46:24 Recording audio
  
• 00:50:30 Lock screen feature
  
• 00:57:19 Send SMS feature
  
• 01:01:51 Communication via Twitter
  
• 01:03:34 SSH Tunnel
  

• 01:05:04 Recap
  
• 01:08:13 Links
  
• 01:09:00 Contact info

The 2020 edition of SecSea will be virtual (online).

• Video: YouTube
• Report: Android malware abusing medical apps for diabetes
  

References

• • SecSea 2K20