Hunting potential C2 commands in Android malware via Smali string comparison and control flow analysis

Presented at VB2025 Berlin by

Identifying command-and-control (C2) commands in Android malware is crucial for understanding its intent and enhancing threat mitigation strategies. Traditional dynamic analysis methods rely on network traffic capture and often fail when the traffic is encrypted, the sample is obfuscated, or the C2 server is no longer reachable. Additionally, advanced anti-analysis techniques further hinder dynamic approaches. To address these challenges, we propose a static analysis method that efficiently locates the functions likely to contain C2 command handling, significantly accelerating malware reverse engineering and increasing the likelihood of discovering previously unknown malware that carries C2 commands.
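As an added illustration (not the authors' tool or the method presented in the talk), the script below applies one plausible form of the idea in the title to baksmali-style text: it ranks methods by how often a value is compared against a string literal via `String.equals`/`equalsIgnoreCase` with the result feeding a conditional branch, and by the presence of a `String.hashCode()` followed by a `packed-switch`/`sparse-switch` (how javac compiles `switch` over strings). The scoring weights, the three-instruction lookahead and the sample Smali class are assumptions constructed for this example.

```python
"""Rank Smali methods by how much they resemble a command dispatcher.

Heuristic (an assumption for this example, not the VB2025 authors' method):
a method that repeatedly compares a value against string literals and
branches on the result, or that switches on String.hashCode(), is a
candidate for holding a C2 command vocabulary. Input is baksmali text.
"""
import re

CONST_STRING = re.compile(r'^const-string(?:/jumbo)?\s+([vp]\d+),\s*"((?:[^"\\]|\\.)*)"')
STR_EQUALS = re.compile(r'^invoke-virtual\s+\{([^}]*)\},\s*Ljava/lang/String;->'
                        r'(?:equals|equalsIgnoreCase|contentEquals)\(')
STR_HASH = re.compile(r'^invoke-virtual\s+\{[^}]*\},\s*Ljava/lang/String;->hashCode\(\)I')
MOVE_RESULT = re.compile(r'^move-result(?:-object|-wide)?\s+([vp]\d+)')
SWITCH = re.compile(r'^(?:packed|sparse)-switch\s+')
BRANCH = re.compile(r'^if-(?:eqz|nez)\s+')
METHOD = re.compile(r'^\.method\s+.*?(\S+\(.*)$')   # captures name(descriptor)
CLASS = re.compile(r'^\.class\s+.*?(L\S+;)')


def analyze_smali(text):
    """Return candidate methods as dicts, sorted by descending score."""
    lines = [l.strip() for l in text.splitlines()]
    cls, cur, results = "?", None, []
    regs, pending_hash = {}, False        # register -> literal it currently holds
    for i, line in enumerate(lines):
        if m := CLASS.match(line):
            cls = m.group(1)
        elif m := METHOD.match(line):
            cur = {"method": f"{cls}->{m.group(1)}", "literals": [],
                   "branching": 0, "string_switch": 0}
            regs, pending_hash = {}, False
        elif line == ".end method" and cur is not None:
            # Assumed weighting: a string switch counts as two branching compares.
            cur["score"] = cur["branching"] + 2 * cur["string_switch"]
            if cur["score"] or cur["literals"]:
                results.append(cur)
            cur = None
        elif cur is None:
            continue
        elif m := CONST_STRING.match(line):
            regs[m.group(1)] = m.group(2)
        elif m := STR_EQUALS.match(line):
            args = [a.strip() for a in m.group(1).split(",")]
            lits = [regs[a] for a in args if a in regs]
            if lits:
                cur["literals"].extend(lits)
                # Control-flow check: is the boolean result consumed by a branch?
                nxt = [l for l in lines[i + 1:i + 4] if l]
                if len(nxt) >= 2 and MOVE_RESULT.match(nxt[0]) and BRANCH.match(nxt[1]):
                    cur["branching"] += 1
        elif m := MOVE_RESULT.match(line):
            regs.pop(m.group(1), None)    # register overwritten, literal no longer valid
        elif STR_HASH.match(line):
            pending_hash = True
        elif SWITCH.match(line) and pending_hash:
            cur["string_switch"] += 1     # hashCode() feeding a switch: string switch
            pending_hash = False
    results.sort(key=lambda r: r["score"], reverse=True)
    return results


# Constructed sample class (not from any real app): one single-compare helper,
# one equals/branch chain, and one hashCode-driven switch.
SAMPLE = """\
.class public Lcom/example/svc/Worker;
.super Ljava/lang/Object;
.method private checkMode(Ljava/lang/String;)Z
    .locals 1
    const-string v0, "debug"
    invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v0
    return v0
.end method
.method public handle(Ljava/lang/String;)V
    .locals 2
    const-string v0, "ping"
    invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v1
    if-eqz v1, :cond_0
    return-void
    :cond_0
    const-string v0, "report"
    invoke-virtual {v0, p1}, Ljava/lang/String;->equalsIgnoreCase(Ljava/lang/String;)Z
    move-result v1
    if-eqz v1, :cond_1
    return-void
    :cond_1
    const-string v0, "sleep"
    invoke-virtual {p1, v0}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
    move-result v1
    if-nez v1, :cond_2
    return-void
    :cond_2
    return-void
.end method
.method public dispatch(Ljava/lang/String;)V
    .locals 2
    invoke-virtual {p1}, Ljava/lang/String;->hashCode()I
    move-result v0
    packed-switch v0, :pswitch_data_0
    return-void
.end method
"""

if __name__ == "__main__":
    for cand in analyze_smali(SAMPLE):
        print(cand["score"], cand["method"], cand["literals"])
```

On the sample, `handle` ranks first with three branching compares and the literal list `["ping", "report", "sleep"]`, `dispatch` second for its string switch, and `checkMode` last because its single comparison never reaches a branch. Running this over the output of `baksmali` for a whole APK gives an analyst a short list of methods to open first; the compared literals are a direct lead on the command vocabulary, which is what the talk proposes to recover without a live C2 server.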