See more tidbits from us at @apklabio!

Icon SHAs & Batches

🆕 Now the analyst can add samples to batches. Better organization for your malware investigation

🆕 Some new static features (ex. FullscreenActivityInScreenReceiver)

🆕 Search by Icon SHA1. For those cases where you want to find exactly similar samples based on the app icon

Static Features - Updates


Receiver on boot:

The app has a receiver with permission to register

Motivation: Adware tends to show advertisements just after using this receiver, or it uses this receiver to keep alive a service that handles showing such applications


Register Receiver When Screen Off:

The app dynamically registers a receiver that reacts to turning off the screen

Motivation: A lot of adware uses such receivers to show adverts just after the user turns on the screen


Overrides OnBackPressed method without invoking original super method or finishing an activity:

Motivation: Adware/Lockers use this to disable closing their app (advertisements) by clicking on the back button.
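A minimal sketch of how a rule like this can be checked over smali disassembly, added here as an illustration and not the platform's own implementation. The function name, regular expressions and both smali samples are constructed for the example; it only inspects the body of `onBackPressed()` itself and does not follow calls into helper methods.

```python
import re

# Constructed smali for two hypothetical activities (not real samples).
SAMPLE_LOCKING = """\
.class public Lcom/example/AdActivity;
.super Landroid/app/Activity;

.method public onBackPressed()V
    .locals 0
    return-void
.end method
"""

SAMPLE_BENIGN = """\
.class public Lcom/example/MainActivity;
.super Landroid/app/Activity;

.method public onBackPressed()V
    .locals 0
    invoke-super {p0}, Landroid/app/Activity;->onBackPressed()V
    return-void
.end method
"""

# Captures the body of an onBackPressed()V override, if the class has one.
METHOD_RE = re.compile(
    r"^\.method\b[^\n]*\bonBackPressed\(\)V\s*\n(.*?)^\.end method",
    re.MULTILINE | re.DOTALL,
)
# Calls that let the back button still close the activity.
SUPER_RE = re.compile(r"invoke-super(?:/range)?\s+\{[^}]*\},\s*L[^;]+;->onBackPressed\(\)V")
FINISH_RE = re.compile(r"invoke-virtual(?:/range)?\s+\{[^}]*\},\s*L[^;]+;->finish(?:AndRemoveTask|Affinity)?\(\)V")


def swallows_back_press(smali: str) -> bool:
    """True if the class overrides onBackPressed() with no super call and no finish()."""
    match = METHOD_RE.search(smali)
    if match is None:
        return False  # no override: default back behaviour applies
    body = match.group(1)
    return not (SUPER_RE.search(body) or FINISH_RE.search(body))
```

A hit is a triage signal rather than a verdict, since legitimate apps also intercept the back button (for example to confirm discarding unsaved input).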


Runs Repeating Thread:

Detects the standard way of setting up repeating tasks (threads) within the app

Motivation: This may be used to either keep a service alive or to repeatedly show advertisements to the user (ex. once per second) in order to effectively block any other action hoping the user will click on the ads.


Starts activity in a repeatedly run thread:

Detects if the repeating task (as detected by the previous rule) is starting an activity

Motivation: There are quite a lot of reasons to start a repeating task. This rule tries to be less sensitive, so the result given by this rule may be more precise


For static feature requests, mail us at

Press Release

Avast Threat Labs Debuts -  an Intelligence-driven Threat Hunting Platform for the Security Analyst Community

Mobile World Congress, Barcelona, February 26, 2019 – Avast (LSE:AVST), a leading global cybersecurity provider, today announced the launch of, a mobile threat intelligence platform (MTIP) designed to provide real-time intelligence for Android™ security researchers.

