Sergio edited this page May 7, 2017 · 4 revisions

Welcome to Droidefense Wiki

Droidefense is an open source project licensed under GPLv3 that aims to be a next-gen in-memory Android application scanner.

What an Android application scanner is

Usually, an Android application scanner is a set of algorithms and tools that attempt to analyze, classify and inspect a given Android sample application and generate a result from it.

What a malware is

The Droidefense team understands the term malware (short for malicious software) as any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. Within this description we find several categories into which malware samples can be classified.

Current top malware categories are:

  • Viruses
  • Trojan horses
  • Rootkits
  • Backdoors
  • Evasion & ZeroDays
  • Bloatware
  • Adware
  • PUA (Potentially Unwanted Apps)

Viruses

A computer virus is a type of malicious software program ("malware") that, when executed, replicates by reproducing itself (copying its own source code) or infecting other computer programs by modifying them. Infected programs can also include data files or the "boot" sector of the hard drive.

Trojan horses

In computing, a Trojan horse, or Trojan, is any malicious computer program which is used to hack into a computer by misleading users as to its true intent.

Rootkits

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware.

Backdoors

A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc. Backdoors are often used for securing unauthorized remote access to a computer, or obtaining access to plaintext in cryptographic systems.

Evasion & ZeroDays

A zero-day (also known as zero-hour or 0-day or day zero) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network. It is known as a "zero-day" because it is not publicly reported or announced before becoming active, leaving the software's author with zero days in which to create patches or advise workarounds to mitigate its actions.

Bloatware

Software bloat is a process whereby successive versions of a computer program become perceptibly slower, use more memory, disk space or processing power, or have higher hardware requirements than the previous version—whilst making only dubious user-perceptible improvements or suffering from feature creep.

Adware

Adware, or advertising-supported software, is any software package that automatically renders advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process.

PUA (Potentially Unwanted Apps)

A potentially unwanted application (PUA) is a program that contains adware, installs toolbars or has other unclear objectives. There are some situations where a user may feel that the benefits of a potentially unwanted application outweigh the risks.