VirusTotal, the aggregated antivirus scanning engine owned by Google, announced today a new Android sandbox technology named Droidy. The feature, already live on the site, is a simulated Android OS environment meant for analyzing Android app behavior and producing reports for users and security researchers alike.
The additional behavioral details included in these reports should help security researchers confirm the malicious classification of VirusTotal scan results or, in some cases, overturn them.
Droidy is VT's next-gen Android sandbox
VirusTotal says Droidy is an improvement on its original Android sandbox environment, which the company first deployed in 2013, a year after Google bought the service.
The new Droidy sandbox will be able to provide additional information about a malware strain's activities, such as:
Network communications and SMS-related activity
Java reflection calls
Filesystem interactions
SQLite database usage
Services started, stopped, etc.
Permissions checked
Registered receivers
Crypto-related activity
To access a Droidy sandbox report, users must go to the VirusTotal page's Behavior tab and select Droidy from the dropdown list at the top. Currently there are three options available for Android malware analysis: VirusTotal Sandbox, VirusTotal Droidy, and Tencent HABO.