Android malware analysis and classification platform

Analyze Android apps

Upload suspicious Android applications and receive a comprehensive analysis. Inspect their code for features such as dynamic code loading and emulator detection, among others.

Identify malware families

apkdetect identifies most modern malware families, including a variety of banking trojans and droppers, e.g. BankBot Anubis and BianLian.

Extract malware configs

Whenever apkdetect recognizes a malware family, its configuration is extracted and made available to the analyst. Configs can be tracked by specific keywords, e.g. pl.mbank.

Defeat loaders

Quite a few malware families utilize loaders to dynamically decrypt and use code. apkdetect tries to recognize the most popular loaders and extract decrypted code to be analyzed by other modules.

Search for samples

All analyses of samples that a user has access to are wholly browsable. One can search for different common features which are available in the analysis report.

Share with community

Uploaded samples can be shared with the community so other researchers can stay up to date with current threats. Furthermore, an analyst can add a comment to an analyzed sample, indicating e.g. the APK distribution method.

Take a quick glance to check APK features!
  • Dangerous permissions
  • APK components with related intents
  • Certificate information
  • Files in the APK
  • Resource strings
  • Code features with API calls
  • Strings with interesting URLs, domains and others

Malicious APK detection

apkdetect uses a few methods to detect malicious Android applications.

  • Detecting shared code between known malware families
  • Custom signatures
  • YARA rules (200+)

Shared code detection is based on research done for a BSc thesis:

"Android malware detection and classification based on analysis of virtual method calls" by Witold Precikowski (@pr3wtd)

Malware configuration extraction

apkdetect can currently analyze configurations of 30+ malware families and their variants including:

  • Anubis
  • Mazain
  • ExoBot
  • Razdel
  • BianLian
  • NeoBot
  • Cerberus
  • ... and many others!