Digital Forensic Analysis Of APK Files In Phishing Scams On Whatsapp Using The NIST Method
DOI:
https://doi.org/10.47709/brilliance.v4i1.3800
Keywords:
cybercrime, phishing, digital forensic, NIST, APK
Abstract
Cybercrime targeting Android devices through phishing, especially through the WhatsApp messaging app, has emerged as a critical issue in cybersecurity that requires comprehensive investigation and analysis. This research addresses the issue by conducting a comprehensive digital forensic investigation using the National Institute of Standards and Technology (NIST) framework methodology. Using advanced reverse engineering techniques and APKLab, an APKTool extension for VS Code, the research carefully examines the structure and mechanism of hidden, encoded APK files that aim to steal sensitive information, such as SMS messages containing one-time passwords (OTPs), and send it via the Telegram app to attackers, who can use it to access personal and banking data. As a result, this research provides a deeper understanding of the cybersecurity threats to Android devices and suggests mitigation measures for users and organizations. The recommendations are consistent with NIST principles and emphasize the importance of user education, application source code reviews, system updates, and considering the use of additional security software. By filling an important gap in digital forensics, this research aims to provide insight into preventing and mitigating phishing scams via APK files on WhatsApp for Android. It also highlights the importance of strong cybersecurity measures and encourages continued research efforts to effectively counter emerging cyber threats.
License
Copyright (c) 2024 shafa alya sudjayanti, Dani Hamdani

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.