GASF Mobile Malware and Anti-Forensics

Question 1

What is 'sideloading' on Android and why is it a malware risk?

Accepted Answer

Installing APKs from sources outside the official app store; bypasses Google Play Protect security scanning

Answer

Sideloading installs APK files from unofficial sources, bypassing Google Play Protect's malware scanning and potentially installing malicious applications.

Question 2

What is a 'repackaged' malicious Android app in the context of mobile malware analysis?

Accepted Answer

A legitimate app that has been decompiled, malicious code injected, and repackaged as a trojan

Answer

Repackaged malware takes a legitimate popular app, injects malicious code using tools like APKTool, and redistributes the modified APK, tricking users with a familiar interface.

Question 3

What tool is commonly used to decompile Android APK files for malware analysis?

Accepted Answer

jadx or apktool

Answer

JADX and APKTool are widely used for Android APK reverse engineering: APKTool decodes resources and smali code while JADX decompiles to readable Java source code.

Question 4

What is 'Pegasus' spyware and what mobile platforms does it target?

Accepted Answer

A sophisticated nation-state surveillance tool targeting both iOS and Android devices via zero-click exploits

Answer

Pegasus is a highly advanced commercial spyware developed by NSO Group that exploits zero-day and zero-click vulnerabilities to silently compromise both iOS and Android devices for surveillance.

Question 5

Which Android permission is most commonly abused by mobile malware for data exfiltration?

Accepted Answer

READ_CONTACTS and READ_SMS combined with INTERNET permission

Answer

Malware commonly combines READ_CONTACTS and READ_SMS with INTERNET permission to harvest personal data from the device and exfiltrate it to a command-and-control server.

GASF - Giac Advanced Smartphone Forensics Practice Test

GASF - Giac Advanced Smartphone Forensics Practice Test

GASF Mobile Malware and Anti-Forensics