Detecting Dynamic Loading in Android Applications With /proc/maps

TL;DR: Through dynamic loading, malware authors can covertly load malicious code into their application in order to avoid detection. We can detect such loading through the application’s /proc/[PID]/maps kernel generated file.Recently, we created a simple script that allows us to detect dynamic loading in Android apps. This presented us with a good opportunity to discuss […]