qwaider / droidbox

Automatically exported from code.google.com/p/droidbox
0 stars 0 forks source link

a possible enhancement: monitoring package install #32

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

I was wondering if it is possible in droidbox 2.3 to discriminate between 
simple file activity and an 'install apk' activity,
when the file that is accessed is an apk and the malware actually installs it 
on the emulator.

I was monitoring the activity of the malware D13D1BC63026B9C26C7CD4946B1BAE0 
com.bntsxdn.pic.apk (an MSZombie.A sample from contagio) inside droidbox, and 
I've noticed that the installation of the new package a33.jpg.apk was reported 
as a file activity... But, indeed, it is a bit more dangerous that a simple 
file activity.

Do you have any clue on how to intercept package installations in droidbox?

Thank you very much!
Madalina

Original issue reported on code.google.com by madalina...@telecomitalia.it on 18 Sep 2012 at 1:59

GoogleCodeExporter commented 9 years ago
Well, it is not a defect, but I couldn't change the type... sorry!

Original comment by madalina...@telecomitalia.it on 18 Sep 2012 at 2:00