DroidHook: a novel API-hook based Android malware dynamic analysis sandbox

“…Alternatively, CuckooDroid is an extension of Cuckoo Sandbox [42] for automating the analysis of Android apps; it is based on the Xposed Framework to monitor API calls and provide blue pills to the target apps. Similarly to CuckooDroid, over the years, other researchers proposed hookbased sandboxes which rely on Xposed [30,34,43] or Frida [40]. In 2018, Liu et al [59] proposed RealDrois, an emulator-based analysis system built by modifying the Android framework.…”

“…Cells [25] Condroid [95] VPBox [86] VMI-based [88,96] Framework mod. [59,74] Hook-based [30,34,40,43,60] DroidDungeon Anti-evasion Maintenability Scalability…”

Unmasking the Veiled: A Comprehensive Analysis of Android Evasive Malware

“…Alternatively, CuckooDroid is an extension of Cuckoo Sandbox [42] for automating the analysis of Android apps; it is based on the Xposed Framework to monitor API calls and provide blue pills to the target apps. Similarly to CuckooDroid, over the years, other researchers proposed hookbased sandboxes which rely on Xposed [30,34,43] or Frida [40]. In 2018, Liu et al [59] proposed RealDrois, an emulator-based analysis system built by modifying the Android framework.…”

“…Cells [25] Condroid [95] VPBox [86] VMI-based [88,96] Framework mod. [59,74] Hook-based [30,34,40,43,60] DroidDungeon Anti-evasion Maintenability Scalability…”

Unmasking the Veiled: A Comprehensive Analysis of Android Evasive Malware

ReckDroid: Detecting red packet fraud in Android apps

TDBAMLA: Temporal and dynamic behavior analysis in Android malware using LSTM and attention mechanisms