Androzoo APK Search: A Search Service of Meta-Data Related to Android Malware presented at BSidesLuxembourg 2018

by Médéric Hurier

Summary: We introduce Androzoo APK Search, an online service for querying structural information extracted from Android malware. The service is backed by an ElasticSearch cluster that security experts can use to access a broad set of meta-data, including developer certificate information, source code elements, manifest information and antivirus labels, collected for 1 million malicious applications. Androzoo APK Search is exposed through a REST API and can be integrated with external projects from any HTTP client. Compared to other platforms, our solution supports a fast access model for retrieving the list of applications that match a specific feature (e.g., a call to a given method name). Thus, our system enables the community to track indicators of compromise related to Android malware. With more than 900 fields extracted through static analysis, experts can also exploit the meta-data we provide to devise better detection systems and prevent the propagation of malicious samples. Finally, Androzoo APK Search can be used to compute analytical metrics and create a baseline for the characterization and classification of malware families.
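The access model described above (feature in, list of matching APKs out, plus aggregations for analytical metrics) maps directly onto ElasticSearch query DSL. The following is an added example, not code from the talk or the Androzoo project: it builds the query bodies a client would POST to an ElasticSearch `_search` endpoint and evaluates them locally against a few constructed records so it runs offline. The field names (`sha256`, `methods`, `cert_sha1`, `av_labels`, `permissions`), the endpoint URL and the sample documents are assumptions for illustration, not the service's real schema.

```python
"""Query-body builders for an ElasticSearch-backed APK meta-data index, with a
minimal local evaluator so the example runs without a cluster.

Field names, endpoint URL and sample records are ASSUMED for illustration."""
import json
import urllib.request
from collections import Counter

# Constructed sample records, shaped like the meta-data described in the talk.
# Hashes and certificate fingerprints are placeholders, not real samples.
SAMPLE_DOCS = [
    {"sha256": "a" * 64, "cert_sha1": "11" * 20,
     "methods": ["Landroid/telephony/SmsManager;->sendTextMessage"],
     "permissions": ["android.permission.SEND_SMS"],
     "av_labels": ["Trojan.AndroidOS.SmsSend"]},
    {"sha256": "b" * 64, "cert_sha1": "11" * 20,  # same signer as the first
     "methods": ["Landroid/telephony/SmsManager;->sendTextMessage",
                 "Ljava/net/URL;->openConnection"],
     "permissions": ["android.permission.SEND_SMS", "android.permission.INTERNET"],
     "av_labels": ["Trojan.AndroidOS.SmsSend", "Adware.Generic"]},
    {"sha256": "c" * 64, "cert_sha1": "22" * 20,
     "methods": ["Ljava/net/URL;->openConnection"],
     "permissions": ["android.permission.INTERNET"],
     "av_labels": ["Adware.Generic"]},
]


def term_query(field, value, source_fields=("sha256",), size=100):
    """Exact match on one feature (assumes the field is indexed as keyword)."""
    return {"query": {"term": {field: value}},
            "_source": list(source_fields), "size": size}


def bool_filter_query(terms, source_fields=("sha256",), size=100):
    """AND of several exact matches as non-scoring, cacheable filter clauses."""
    return {"query": {"bool": {"filter": [{"term": {f: v}} for f, v in terms]}},
            "_source": list(source_fields), "size": size}


def terms_agg_query(field, top_n=10):
    """Bucket counts per value of a field (e.g. AV label distribution); no hits."""
    return {"size": 0, "aggs": {"by_value": {"terms": {"field": field, "size": top_n}}}}


def _term_matches(doc, field, value):
    """Keyword-style matching: list fields match if any element equals value."""
    stored = doc.get(field)
    return value in stored if isinstance(stored, list) else stored == value


def evaluate_locally(body, docs):
    """Evaluate the query shapes built above against in-memory documents."""
    q = body["query"]
    if "term" in q:
        clauses = [q["term"]]
    elif "bool" in q:
        clauses = [c["term"] for c in q["bool"]["filter"]]
    else:
        raise ValueError("unsupported query shape")
    pairs = [(f, v) for c in clauses for f, v in c.items()]
    hits = [d for d in docs if all(_term_matches(d, f, v) for f, v in pairs)]
    return [{k: d[k] for k in body["_source"]} for d in hits[:body["size"]]]


def evaluate_agg_locally(body, docs):
    """Local equivalent of a terms aggregation: {value: document count}."""
    spec = body["aggs"]["by_value"]["terms"]
    counts = Counter()
    for d in docs:
        stored = d.get(field := spec["field"], [])
        for v in (stored if isinstance(stored, list) else [stored]):
            counts[v] += 1
    return dict(counts.most_common(spec["size"]))


def hits_to_ids(response, id_field="sha256"):
    """Pull identifiers out of a real ElasticSearch _search response."""
    return [h["_source"][id_field] for h in response["hits"]["hits"]]


def post_query(endpoint, body, timeout=30):
    """POST a body to a _search endpoint (endpoint URL is the caller's choice)."""
    req = urllib.request.Request(
        endpoint, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    ioc = "Landroid/telephony/SmsManager;->sendTextMessage"
    print(evaluate_locally(term_query("methods", ioc), SAMPLE_DOCS))
    print(evaluate_agg_locally(terms_agg_query("av_labels"), SAMPLE_DOCS))
```

The same bodies can be sent unchanged to a live cluster with `post_query("https://<host>/<index>/_search", body)` (URL assumed) and the identifiers recovered with `hits_to_ids`; the `_source` restriction keeps responses small when the goal is only the list of matching APKs, and `bool`/`filter` rather than `must` avoids scoring work the index does not need for exact-match IOC lookups.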