Security Experts:

VirusTotal Launches New Android Sandbox

Google-owned VirusTotal announced on Thursday the launch of a new Android sandbox designed to provide detailed information on potential threats targeting the mobile operating system.

The new sandbox, named VirusTotal Droidy, is designed to replace a system introduced back in 2013. Droidy can help researchers obtain information on network communications and SMS-related activities, file system interactions, SQLite database usage, permissions, Java reflection calls, process and service actions, registered receivers, and crypto-related activity.

Information from the Droidy sandbox is available in the Behavior section, and it can be selected from the dropdown menu that also includes the Tencent HABO analysis system. VirusTotal noted that the data from Droidy complements Tencent HABO - they are both part of a multisandbox project that aims to aggregate malware analysis sandbox reports.

Selecting Droidy from the behavior menu displays some general information about the analyzed file (example), but users can also obtain a detailed report that allows them to “dig into the hooked calls and take a look at the screenshots generated when running the apps.”

VirusTotal Droidy Android sandbox

Droidy integrates with other services, such as VirusTotal Graph and VirusTotal Intelligence. VirusTotal says its goal is to generate as much information as possible in order to help investigators get a better understanding of a particular threat.

“Very often during an investigation, you might not have enough context about an individual threat, and so being able to look at the connected URLs, domains, files, IP addresses, etc. becomes crucial in understanding what is going on,” explained VirusTotal’s Emiliano Martinez.

VirusTotal also announced recently that it has made several improvements to the MacOS sandbox.

Related: VirusTotal Now Scans Firmware Images

Related: VirusTotal Policy Change Rocks Anti-Malware Industry

Related: VirusTotal Launches Visualization Tool

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.