Analysis of Malware Inserted in APK Files in the Case of “Undangan Nikah.apk” Using Reverse Engineering

Analysis of Malware Inserted in APK Files in the Case of “Undangan Nikah.apk” Using Reverse Engineering

연구 분야: Analysis

학회: 2023 International Conference on Technology, Engineering, and Computing Applications (ICTECA)

WhatsApp is one of the most widely used social media platforms for communication due to its ease of use, simplicity, and diverse features. However, hackers often exploit its convenience for phishing attacks. Recently, there have been cases of hackers sending wedding invitation messages in APK format containing Android malware to WhatsApp users. Unaware of the hacker’s tactics, some users click on these messages, inadvertently granting access to the APK file containing malware on their smartphones. This paper aims to explore how the embedded malware in the APK file operates after being installed on Android devices, using reverse engineering. Examination of the Java source code obtained through reverse engineering exposes that the malware integrated into the code aims to obtain authorization for handling (receiving and sending) SMS messages from the targeted smartphone to the hacker. This poses a significant risk, especially given the widespread use of SMS for transactions or banking authentication, such as SMS banking, transmission of OTP codes, or other authentication methods. The findings of this study are to offer insights to individuals who may lack awareness regarding different file types on their Android devices, thereby contributing to the prevention of scams employing similar tactics.