Android Banker Deep Dive (Part 3)

Part 3 of our Banker Deep Dive. We analyze the code prior to the call to DexClassLoader, and discover an interesting WebView object. We also find that the method containing the code that writes the loaded APK to disk appears to be dead. --- In this [RE]laxing new series, I fully reverse a difficult Android Banker trojan from start to finish. These extensive "Deep Dive" segments concentrate on dissecting malware specimens and delving into the individual approaches employed to fully reverse them. Throughout the journey, I attempt to provide explanations of my techniques as much as possible, however, if any ambiguities arise, please feel free to post a comment below. Timestamps: 00:00 Intro 00:54 Begin Analysis 02:20 Looking at Malicious Class 04:29 Editing Shared Preferences 07:12 ...