Malware analysis
This section shows how to analyze Android malwares using both static and dynamic analysis techniques. We are going to use reverse engineering techniques that are commonly used in the real world to analyze malware using static analysis techniques. tcpdump is going to be used for dynamic analysis of the app to see the network calls being made by the app. We can also use tools such as introspy to capture the other sensitive API calls being made by the app. This section shows the analysis of the SMS stealer application that we used earlier.
Static analysis
Let's begin with static analysis using reverse engineering techniques. When an app has to be analyzed for malicious behavior, it is easier if we have access to its source code.
Disassembling Android apps using Apktool
We can use Apktool to disassemble the app and get the smali version of the code.
The following are the steps to achieve it:
Navigate to the location of the app:
$ pwd /Users/srini0x00/Desktop/malware-analysis $ ...