Unmasking Android Malware: A Deep Dive into a New Rootnik Variant, Part II

July 9, 2017

In part I of this blog, I finished the analysis of the native layer of a newly discovered Rootnik malware variant and obtained the decrypted real DEX file. Here in part II, we will continue our analysis.

A look into the decrypted real DEX file

The entry of the decrypted DEX file is the class demo.outerappshell.OuterShellApp. The definition of the class OuterShellApp is shown below.

Figure 1. The class demo.outerappshell.OuterShellApp

We will first analyze the function attachBaseContext(). The following is the function aBC() in the class...
