A friend of mine asked me help him to examine his Android 5.0 smartphone. He did not say what's wrong with his phone, and he just wonder why his wife know everything he chat on the phone, and where he has been.

I'd like to help him to figure out if anything wrong about his phone. When I start to monitor his phone, I find a very interesting stuff running on his phone. Obviously it try to pretend that it's Google Play App, actually it is not...Also I could see the destination ip and port...

I start to analye and figure out where it is. Yes that's it..a very suspicious package-"com.example.downloader"

Look at the Manifest and it's really scaring. It can read/write SMS, storage, contacts, calendar,locactions, process outgoing calls, even recording audio.

Guess what? It also could record chat messages including Naver Line, Facebook, What's App, Skype, and WeChat. No wonder his wife knows everything he chat on the phone. You could see the Naver Line chat messages recording on its own Database as below.

I told him what I found on his phone, and he was very angry. He swore to figure out what his wife has done to his phone and when she did this. I told hime that maybe she bought this App on the internet or her friend taught her to do so.  I think the reason why she did it maybe she's afraid that her husband does not love her anymore. If her husband has affair with other girls and she will know immediately.  Still it's illeagl and it's not a right thing to do to the one you love.

Android Malware Analysis的更多相关文章

  1. malware analysis、Sandbox Principles、Design && Implementation

    catalog . 引言 . sandbox introduction . Sandboxie . seccomp(short for secure computing mode): API级沙箱 . ...

  2. Deep Android Malware Detection小结

    题目:Deep Android Malware Detection 作者:Niall McLaughlin, Jesus Martinez del Rincon, BooJoong Kang 年份:2 ...

  3. cdmc2016数据挖掘竞赛题目Android Malware Classification

    http://www.csmining.org/cdmc2016/ Data Mining Tasks Description Task 1: 2016 e-News categorisation F ...

  4. Python Ethical Hacking - Malware Analysis(1)

    WRITING MALWARE Download file. Execute Code. Send Report. Download & Execute. Execute & Repo ...

  5. Practical Malware Analysis里有关inetsim\APATEDNS

    以前从未接触过linux,碰到了许多问题,按步骤: 1\安装VMWARE,安装ubuntu16.04 问题1:之前装的是VM10,装完后没有安装VMTOOLS,我点安装 VMTOOLS,它弹出“简易安 ...

  6. Python Ethical Hacking - Malware Analysis(4)

    DOWNLOAD_FILE Download files on a system. Once packaged properly will work on all operating systems. ...

  7. Python Ethical Hacking - Malware Analysis(3)

    Stealing WiFi Password Saved on a Computer #!/usr/bin/env python import smtplib import subprocess im ...

  8. Python Ethical Hacking - Malware Analysis(2)

    Filtering Command Output using Regex #!/usr/bin/env python import smtplib import subprocess import r ...

  9. APK自我保护方法

    标 题: [原创]APK自我保护方法 作 者: MindMac 时 间: 2013-12-28,21:41:15 链 接: http://bbs.pediy.com/showthread.php?t= ...

随机推荐

  1. 不能向Github提交某一類型的文件

    之前在github上建了6個project,但是其中有一個不能提交jar文件,其他的都可以.後來發現原來在項目中有一個叫.gitignore的文件,其他項目里的都是/bin,但是那個不能提交jar的項 ...

  2. JAVA 根据用户输入数据求某年到某年有多少天

    实例: import java.util.*; //求某年到某年有多少天 public class Test{ public static void main(String[] args){ Scan ...

  3. 在OneThink(ThinkPHP3.2.3)中整合阿里云OSS的PHP-SDK2.0.4,实现Web端直传,服务端签名直传并设置上传回调的实现流程

    在OneThink(ThinkPHP3.2.3)中整合阿里云OSS的PHP-SDK2.0.4,实现本地文件上传流程 by shuijingwan · 2016/01/13 1.SDK安装 github ...

  4. C#EasyHook例子C# Hook 指定进程C#注入指定进程 z

    http://bbs.msdn5.com/thread-75-1-1.html http://pan.baidu.com/s/1pJDgHcR

  5. 编写webpy程序,iep 报错,ulipad 运行正确

    在web.py编程中,使用模板文件时,iep下会报错.ulipad不会报错. 用python 运行不报错. 在寻找答案.初步估计是iep的python运行环境有问题. 如图:

  6. APKTool 提取APK文件的资源

    APK文件本身是一个压缩包,直接用解压工具即可打开,但里面的文件都已被编码为二进制文件格式,不能直接看,比如程序描述文件AndroidManifest.xml. 使用apktool工具可以将这些文件解 ...

  7. 关于 Python Iterator 协议的一点思考

    转:http://www.jianshu.com/p/dcf83643deeb Python 中有好几种容器或者序列类型:list tuple dict set str,对于这些类型中的内容,往往需要 ...

  8. 蓝桥杯---剪格子(DFS&BFS)(小总结)

    问题描述 如下图所示,3 x 3 的格子中填写了一些整数. +--*--+--+ |10* 1|52| +--****--+ |20|30* 1| *******--+ | 1| 2| 3| +--+ ...

  9. ProGuard

    ProGuard的作用:  1.创建紧凑的代码文档是为了更快的网络传输,快速装载和更小的内存占用. 2.创建的程序和程序库很难使用反向工程. 3.所以它能删除来自源文件中的没有调用的代码 4.充分利用 ...

  10. 《Code Complete》ch.16 控制循环

    WHAT? 反复执行的代码片段(你是第一天学编程吗) WHY? 知道如何使用及何时使用每一种循环是创建高质量软件的一个决定性因素 HOW? 检测位于循环开始/循环结尾 带退出的循环 进入循环 只从一个 ...