See more tidbits from us at @apklabio!

Icon SHAs & Batches

🆕 Analysts can now add samples to batches, for better organization of a malware investigation.

🆕 Some new static features (e.g. FullscreenActivityInScreenReceiver)

🆕 Search by icon SHA1, for cases where you want to find exactly matching samples based on the app icon.


Static Features - Updates

 

Receiver on boot:

The app has a boot receiver and the permission to register it.

Motivation: Adware tends to show advertisements just after using this receiver, or it uses this receiver to keep alive a service that handles showing such applications.

 

Register Receiver When Screen Off:

The app dynamically registers a receiver that reacts to the screen being turned off.

Motivation: A lot of adware uses such receivers to show adverts just after the user turns on the screen.

 

Overrides the onBackPressed method without invoking the original super method or finishing an activity:

Motivation: Adware and lockers use this to prevent their app (advertisements) from being closed with the back button.
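One way to express the onBackPressed rule above over disassembled code, as an added example (not apklab.io's implementation). It assumes apktool/baksmali-style smali text with one class per file; the class names and smali samples are constructed. It does not follow finish calls made through helper methods or check that the class is really an Activity.

```python
import re

# Body of an onBackPressed()V override, from its header to ".end method".
METHOD_RE = re.compile(
    r"^\.method[ \t]+(?:[\w-]+[ \t]+)*onBackPressed\(\)V[ \t]*$(.*?)^\.end method",
    re.MULTILINE | re.DOTALL)
CLASS_RE = re.compile(r"^\.class\b.*?(L[^;\s]+;)[ \t]*$", re.MULTILINE)
# Calls that keep the back button working: super.onBackPressed() or a finish call.
RELEASE_RE = re.compile(
    r"^invoke-(?:super(?:/range)?\s.*->onBackPressed\(\)V"
    r"|\w+(?:/range)?\s.*->finish(?:Affinity|AndRemoveTask)?\(\)V)\s*$")

def blocks_back_button(smali_text):
    """True if the class overrides onBackPressed() without super or finish."""
    for match in METHOD_RE.finditer(smali_text):
        # Look only at instruction lines, so a commented-out call does not count.
        lines = (line.strip() for line in match.group(1).splitlines())
        if not any(RELEASE_RE.match(line) for line in lines):
            return True
    return False

def scan(smali_files):
    """Return the smali class descriptors that trip the rule, sorted."""
    hits = []
    for text in smali_files.values():
        if blocks_back_button(text):
            cls = CLASS_RE.search(text)
            hits.append(cls.group(1) if cls else "<unknown>")
    return sorted(hits)

# Constructed smali input (not from a real app): one class per call pattern.
TEMPLATE = """.class public Lcom/example/{name};
.super Landroid/app/Activity;

.method public onBackPressed()V
    .locals 0
    {call}
    return-void
.end method
"""
CALLS = {
    "LockActivity": "# invoke-super {p0}, Landroid/app/Activity;->onBackPressed()V",
    "NormalActivity": "invoke-super {p0}, Landroid/app/Activity;->onBackPressed()V",
    "ClosingActivity": "invoke-virtual {p0}, Lcom/example/ClosingActivity;->finish()V",
}
SAMPLES = {n: TEMPLATE.format(name=n, call=c) for n, c in CALLS.items()}

if __name__ == "__main__":
    print(scan(SAMPLES))
```

Only the constructed LockActivity class is reported: its super call is commented out, so the back button does nothing.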

 

Runs Repeating Thread:

Detects the standard way of setting up repeating tasks (threads) within the app.

Motivation: This may be used either to keep a service alive or to repeatedly show advertisements to the user (e.g. once per second) in order to effectively block any other action, hoping the user will click on the ads.

 

Starts activity in a repeatedly run thread:

Detects whether the repeating task (as detected by the previous rule) starts an activity.

Motivation: There are quite a lot of reasons to start a repeating task. This rule tries to be less sensitive, so the result given by this rule may be more precise.

 

For static feature requests, mail us at apklab@avast.com.


apklab.io Press Release

Avast Threat Labs Debuts apklab.io -  an Intelligence-driven Threat Hunting Platform for the Security Analyst Community

Mobile World Congress, Barcelona, February 26, 2019 – Avast (LSE:AVST), a leading global cybersecurity provider, today announced the launch of apklab.io, a mobile threat intelligence platform (MTIP) designed to provide real-time intelligence for Android™ security researchers.

More:

https://press.avast.com/avast-threat-labs-debuts-apklab.io-an-intelligence-driven-threat-hunting-platform-for-the-security-analyst-community
