Mobile Malware and Spyware Analysis
RCCE students will learn how malicious mobile code abuses permissions, overlays, accessibility services, embedded libraries, network channels, and persistence mechanisms to steal data or spy on users. RCCE students will learn to triage suspicious mobile applications, identify exfiltration behavior, extract indicators of compromise, understand spyware tradecraft, and support threat hunting and incident response for compromised mobile environments. The course covers practical scenarios ranging from sample triage to behavioral analysis and reporting. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Mobile Malware and Spyware Analysis
- Execute hands-on tasks for spyware analysis
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn — covering Course Structure.
- Execute hands-on tasks for mobile threat landscape
- Execute hands-on tasks for key threat actors
- Execute hands-on tasks for impact domains — covering 4.8B+ mobile devices worldwide, Nation-state spyware operators.
- Execute hands-on tasks for insider threat via mdm abuse — covering Financial theft and fraud.
- Execute hands-on tasks for mobile malware taxonomy — covering Disguised as legitimate apps.
- Execute hands-on tasks for trojans & rats — covering Disguised as legitimate apps.
- Execute hands-on tasks for spyware & stalkerware — covering Stealth GPS and call logging.
- Execute hands-on tasks for adware & pups — covering Aggressive ad injection.
- Design a scalable privilege management architecture with policy and enforcement
| Module 01 | Spyware Analysis |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Mobile Threat Landscape |
| Module 05 | Key Threat Actors |
| Module 06 | Impact Domains |
| Module 07 | Insider threat via MDM abuse |
| Module 08 | Mobile Malware Taxonomy |
| Module 09 | Trojans & RATs |
| Module 10 | Spyware & Stalkerware |
| Module 11 | Adware & PUPs |
| Module 12 | Android Security Architecture |
| Module 13 | Kernel & Sandbox |
| Module 14 | Application Layer |
All hands-on labs run on Rocheston Rose X OS. Students practice mobile malware and spyware analysis by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for spyware analysis
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for mobile threat landscape
- Lab 5: Execute hands-on tasks for key threat actors
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Mobile Malware and Spyware Analysis, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI