a possible enhancement: monitoring package install #32

Open
GoogleCodeExporter opened this issue Apr 10, 2015 · 1 comment

Comments

@GoogleCodeExporter


I was wondering if it is possible in droidbox 2.3 to discriminate between 
simple file activity and an 'install apk' activity,
when the file that is accessed is an apk and the malware actually installs it 
on the emulator.

I was monitoring the activity of the malware D13D1BC63026B9C26C7CD4946B1BAE0 
com.bntsxdn.pic.apk (an MSZombie.A sample from contagio) inside droidbox, and 
I've noticed that the installation of the new package a33.jpg.apk was reported 
as a file activity... But, indeed, it is a bit more dangerous than a simple 
file activity.

Do you have any clue on how to intercept package installations in droidbox?

Thank you very much!
Madalina

Original issue reported on code.google.com by madalina...@telecomitalia.it on 18 Sep 2012 at 1:59

@GoogleCodeExporter
Author

Well, it is not a defect, but I couldn't change the type... sorry!

Original comment by madalina...@telecomitalia.it on 18 Sep 2012 at 2:00
