Method, terminal device and storage medium for detecting malicious code injected while an APK is running

A technology involving malicious code and memory addresses, applied to detecting malicious code injected into an Android installation package, which can solve the problem of inaccurate detection results.

Active Publication Date: 2019-12-17
XIAMEN ANSCEN NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, inaccurate detection results are likely.



Examples


Embodiment 1

[0030] As shown in Figure 1, the present invention provides a method for detecting malicious code injected into an Android installation package at run time, which can effectively detect whether the APK has been injected with malicious code by hook frameworks such as Xposed while it is running.

[0031] The specific procedure of the method of the present invention is as follows:

[0032] S1: Start the Android installation package (APK) and proceed to step S2;

[0033] S2: Generate a native method M through static registration or dynamic registration, whose memory address is m, and proceed to step S3;

[0034] S3: Obtain the storage start address of M: in the native code of M, the jmethodID of the method is obtained by calling a Java Native Interface (JNI) function, where the jmethodID is the storage start address of the method's corresponding data structure in the Java virtual machine; specifically, the Java Native Interface (JNI) function to be called is the ...

Embodiment 2

[0044] The present invention also provides a terminal device for detecting malicious code injected into an Android installation package at run time, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements the steps of the above method embodiments of the present invention, for example the method steps shown in Figure 1.

[0045] Further, as an executable solution, the terminal device that detects malicious code injected into the Android installation package at run time may be a computing device such as a desktop computer, notebook, palmtop computer or cloud server. The terminal device may include, but is not limited to, a processor and a memory. Those skilled in the art can understand that the composition and structure of the above-mentio...


Abstract

The invention discloses a method for detecting malicious code injected while an APK is running. The detection relies on the principle that malicious code is injected into a running APK by modifying the data structure of a Java method in the Android system virtual machine. By detecting whether the stored data structure of a key method of an application in the virtual machine has changed, the method determines whether malicious code has been injected while the APK is running, so that the detection result is more accurate and effective.
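An added example, not taken from the patent: a C simulation of the check described in the abstract and in steps S2 to S3, which uses the known address m of a reference native method M to locate the entry-pointer word inside a method record and then compares a key method's record against a baseline copy. The record layout, the word-by-word scan for m, the function names and all addresses are constructed assumptions; on a device the record would be the memory starting at the jmethodID.

```c
#include <stdint.h>
#include <stdio.h>

#define REC_WORDS 8 /* constructed size; real VM method records vary by version */

/* Constructed stand-in for the record whose start address is the jmethodID. */
typedef struct { uintptr_t w[REC_WORDS]; } method_rec;

/* Reference native method M; its address plays the role of m. */
static void native_M(void) {}

/* Scan M's record word by word for m (assumed use of m). Returns the index
 * of the word holding the native entry pointer, or -1 if m is absent. */
int find_entry_slot(const method_rec *rec_of_M, uintptr_t m) {
    for (int i = 0; i < REC_WORDS; i++)
        if (rec_of_M->w[i] == m) return i;
    return -1;
}

/* changed: words that differ from the baseline; entry_changed: 1 if the
 * entry-pointer word is among them. */
typedef struct { int changed; int entry_changed; } verdict;

verdict check_method(const method_rec *now, const method_rec *base, int slot) {
    verdict v = {0, 0};
    for (int i = 0; i < REC_WORDS; i++) {
        if (now->w[i] == base->w[i]) continue;
        v.changed++;
        if (i == slot) v.entry_changed = 1;
    }
    return v;
}

/* Constructed run: locate the slot via M, snapshot a key method's record,
 * then overwrite two words to stand in for a run-time modification. */
verdict demo(int *slot) {
    method_rec M   = {{0x70001000u, 0x0100u, 0, 0, 0, (uintptr_t)native_M, 0, 0}};
    method_rec key = {{0x70002000u, 0x0001u, 0, 0, 0, 0x7100aa00u, 0, 0}};
    *slot = find_entry_slot(&M, (uintptr_t)native_M);
    method_rec base = key;       /* baseline taken at start-up */
    key.w[1] |= 0x0100u;         /* flags word altered */
    key.w[*slot] = 0x7f00beefu;  /* entry pointer redirected */
    return check_method(&key, &base, *slot);
}

int main(void) {
    int slot;
    verdict v = demo(&slot);
    printf("slot=%d changed=%d entry_changed=%d\n", slot, v.changed, v.entry_changed);
    return 0;
}
```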

Description

Technical field

[0001] The invention relates to the technical field of system security, in particular to a method, a terminal device and a storage medium for detecting malicious code injected into an Android installation package at run time.

Background technique

[0002] Xposed is a general hook framework on the Android system. It can hook the application programming interface (API) of the running system or of the Android installation package (APK) itself and change the parameters or execution logic of the API, and it is widely used in system UI beautification, system function customization, etc. Because of its powerful functions, it is also used for malicious code injection, modifying the normal operation logic of an APK (for example, cracking an APK's payment function or stealing an APK's private data), resulting in security issues such as leakage of user data and privacy.

[0003] Therefore, to timely and effectively detect hook frameworks like xposed (that is, in...


Application Information

IPC(8): G06F21/56
CPC: G06F21/562, G06F2221/033
Inventor: 刘星, 魏丽珍, 梁煜麓, 罗佳
Owner XIAMEN ANSCEN NETWORK TECH CO LTD