Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
168 lines (105 sloc) 4.31 KB

Android Malware Detection

Detection Tools

DEXID

http://www.dunkelheit.com.br/android/forense/programas/dexid/

DEXID is a script written in Perl for displaying the contents of the classes.dex file (the file, which contains the bytecode in the APK files) and also for obtaining identification data for Android malware and using the obtained data to identify known such malware.

License: the author create a specific license in the attached file 'dexid.txt'.

andrototal

http://andrototal.org

DroidAnalytics

https://github.com/zhengmin1989/DroidAnalytics

maldrolyzer

Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)

https://github.com/maldroid/maldrolyzer

malice

Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company.

https://github.com/blacktop/malice

maline

An Android malware detection framework

https://github.com/soarlab/maline

DroidSearch

A Search Engine to Automatically Collect, Disassemble, Index and Search Android Malware

https://github.com/mssun/droidsearch

AndroidMalwareEvaluatingTools

Evaluation tools for malware Android

https://github.com/faber03/AndroidMalwareEvaluatingTools

Sample Crawlers

Android Market API

http://code.google.com/p/android-market-api/

Android Marketplace Crawler

http://code.google.com/p/android-marketplace-crawler/

google-play-downloader

https://github.com/evilsocket/google-play-downloader

googleplay-api

https://github.com/egirault/googleplay-api

GooglePlayAppsCrawler

https://github.com/MarcelloLins/GooglePlayAppsCrawler

Tinkerbell

A simple app to download from Unofficial Android Marketplace(s)

https://github.com/jacobsoo/Tinkerbell

WebAPKCrawler

Uses Google to search for .apks hosted on websites and downloads them

https://github.com/Fuzion24/WebAPKCrawler

Android Checkin

Android Checkin allows you to register a google account as if you were on android.

https://github.com/nviennot/android-checkin

playdrone

Google Play Crawler

https://github.com/nviennot/playdrone

Android Markets List

https://github.com/mssun/android-markets-list

APK-Crawler

https://github.com/gpp256/APK-Crawler

Malware Attacks and Defenses

RepackageDetection

A Script to detect if the Android application is repackaged based on the method proposed by the paper "Exploring reverse engineering symptoms in Android apps"

https://github.com/MindMac/RepackageDetection

FSquaDRA

Fast detection of repackaged Android applications based on the comparison of resource files included into the package.

https://github.com/zyrikby/FSquaDRA

AndroidEmulatorDetection

Contains many different ways to identify hostile environments.

https://github.com/Fuzion24/AndroidEmulatorDetection

HideAndroidEmulator

Slides and demo resources presented at HITCON 2014 & XCON 2014-"Guess Where I am-Android模拟器躲避的检测与应对"

https://github.com/MindMac/HideAndroidEmulator

anti-emulator

https://github.com/strazzere/anti-emulator

AntiTaintDroid

Escaping Taint Analysis (and stealing private information) on Android for Fun and Profit

https://github.com/gsbabil/AntiTaintDroid

angeapk

Encrypting a PNG into an Android application

https://github.com/cryptax/angeapk

rd

Android anti-root detection Proof of Concept

https://github.com/serianox/rd

Malware Samples and PoCs

NOTICE: You should use these tools ONLY for academic purposes.

ContagioMiniDump

http://contagiominidump.blogspot.com/

Thanks Mila!

VirusShare

http://virusshare.com/

Android Malware Tracker

http://amtrckr.info/

tap-android

http://code.google.com/p/tap-android/

gtmalware

http://code.google.com/p/gtmalware/

mmsbg

http://code.google.com/p/mmsbg/

androrat

An Android RAT trojan with source code.

https://github.com/RobinDavid/androrat

https://github.com/DesignativeDave/androrat

androibot

https://code.google.com/p/androibot/

Android Drawer

http://www.androiddrawer.com

hijackAndroidPowerOff

Android hijack power off

https://github.com/monstersb/hijackAndroidPowerOff

Android-Rootkit

A rootkit for Android. Based on "Android platform based linux kernel rootkit" from Phrack Issue 68

https://github.com/hiteshd/Android-Rootkit