Characteristic Analysis of Trojan-Spy Malware on the Android Operating System through a Reverse Engineering Approach

Abstract

The rapid advancement of communication technology has contributed to the widespread adoption of Android devices within society, accompanied by a corresponding increase in digital security threats, including Trojan-Spy malware. This type of malware disguises itself as a legitimate application while covertly accessing users’ personal data. This study aims to analyze the characteristics of Trojan-Spy malware on the Android operating system using a reverse engineering approach. This method was selected due to its capability to deconstruct and identify the internal structure and concealed behavior of malware. The sample analyzed in this research was the application UndanganPernikahan.apk, which was distributed through a WhatsApp message. The research was conducted through several stages, including initialization, decompilation, static analysis, code reversing, and behavioral analysis. The findings indicate that the malware possesses the capability to read and send SMS messages, intercept notifications from other applications, execute remote commands via SMS, and transmit collected data to an external server through the Telegram Bot API. Furthermore, the malware employs camouflage techniques by presenting a seemingly legitimate user interface in order to evade detection. These findings underscore the importance of applying reverse engineering techniques to uncover potential cyber threats and to support the development of mitigation strategies and protective systems for Android users against malware attacks.