Security Experts:

Connect with us

Hi, what are you looking for?



VirusTotal Launches New Android Sandbox

Google-owned VirusTotal announced on Thursday the launch of a new Android sandbox designed to provide detailed information on potential threats targeting the mobile operating system.

Google-owned VirusTotal announced on Thursday the launch of a new Android sandbox designed to provide detailed information on potential threats targeting the mobile operating system.

The new sandbox, named VirusTotal Droidy, is designed to replace a system introduced back in 2013. Droidy can help researchers obtain information on network communications and SMS-related activities, file system interactions, SQLite database usage, permissions, Java reflection calls, process and service actions, registered receivers, and crypto-related activity.

Information from the Droidy sandbox is available in the Behavior section, and it can be selected from the dropdown menu that also includes the Tencent HABO analysis system. VirusTotal noted that the data from Droidy complements Tencent HABO – they are both part of a multisandbox project that aims to aggregate malware analysis sandbox reports.

Selecting Droidy from the behavior menu displays some general information about the analyzed file (example), but users can also obtain a detailed report that allows them to “dig into the hooked calls and take a look at the screenshots generated when running the apps.”

VirusTotal Droidy Android sandbox

Droidy integrates with other services, such as VirusTotal Graph and VirusTotal Intelligence. VirusTotal says its goal is to generate as much information as possible in order to help investigators get a better understanding of a particular threat.

“Very often during an investigation, you might not have enough context about an individual threat, and so being able to look at the connected URLs, domains, files, IP addresses, etc. becomes crucial in understanding what is going on,” explained VirusTotal’s Emiliano Martinez.

VirusTotal also announced recently that it has made several improvements to the MacOS sandbox.

Related: VirusTotal Now Scans Firmware Images

Related: VirusTotal Policy Change Rocks Anti-Malware Industry

Related: VirusTotal Launches Visualization Tool

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.