Using APKLAB.IO Mobile Threat Intel platform to fight banking threats
Nikolaos Chrysaidos, AVAST Software
In order to properly do his job well, an analyst requires detailed data analyses, breakdowns and correlations of applications with similar samples and behaviors at once. Apklab.io’s main goal is to provide structured intelligence for mobile threats, including collecting static and dynamic features, an indexable and queryable database of features, detection information, family tracking, custom and automatic labeling and prevents the threat from further spreading. Threats features are collected for our machine learning model by two main boxes – the dynamic and static analysis box. We will demonstrate its capabilities on the recent case of BankBot malware, which repeatedly, successfully made its way onto the Google Play Store.
In our presentation, we’d like to highlight some of the advantages of using a unified platform to hunt for new threats. During our presentation, we will explore how apklab.io has revolutionized the way we track threats (and in some cases also the actors behind them) in near real-time. We will also show how we use the platform to investigate prevalent campaigns in the wild.
All of this will be demonstrated on the recent case of BankBot malware, which repeatedly, successfully made its way onto the Google Play Store until today. In October and November of 2017, for instance, the malicious actors behind the BankBot were constantly uploading droppers to Google Play that were mainly downloading Banking Trojans. Using apklab.io and the family tracking feature, we were able to identify and detect every sample that was being uploaded to Google Play within a matter of minutes of them appearing.
Currently, we’re working on making the platform available, at least to some extent, to the general public and if all goes well, we’d like to conclude the presentation by announcing the availability of this platform to any interested parties.