quark-engine 26.4.1

An Obfuscation-Neglect Android Malware Scoring System

Malware Family Analysis Report Showcase

Family	Summary	Signature Behaviors	Report
DroidKungFu	Privilege escalation with C2 control.	1. Gain unlimited access to a device. 2. Install/Uninstall additional apps. 3. Forward confidential data.	View
GoldDream	SMS/call log exfiltration with remote C2 commands.	1. Monitor SMS messages and phone calls. 2. Upload SMS messages and phone calls to remote servers.	View
SpyNote	Credential theft and device surveillance via RAT.	1. Take screenshots. 2. Simulate user gestures. 3. Log user input. 4. Communicate with C2 servers.	View
DawDropper	Dropper that installs banking trojans for financial theft.	1. Download APKs from remote servers. 2. Install additional APKs.	View
SLocker	Android ransomware locking/encrypting devices.	1. Lock the device with an overlay screen.	View
PhantomCard	NFC relay–based financial fraud.	1. Communicate with C2 servers. 2. Read the payment data of NFC cards. 3. Captures PINs of NFC cards through deceptive screens.	View
ToxicPanda	Banking trojan enabling on-device fraud.	1. Abuse Accessibility. 2. Remote device control. 3. Intercept OTP.	View
Hydra	Banking trojan using overlay attacks.	1. Overlay credential theft. 2. Accessibility abuse. 3. Steal OTP/cookies.	View
SharkBot	Banking trojan targeting financial credentials and transactions.	1. Abuse Accessibility services. 2. Perform overlay attacks to steal credentials. 3. Intercept SMS messages (OTP).	View
Antidot	Banking trojan disguised as legitimate updates for financial data theft.	1. Intercept SMS messages (OTP). 2. Log user input (keylogging). 3. Enable remote control via C2.	View
Arsink	Banking trojan focusing on credential and financial data exfiltration.	1. Steal sensitive data from device. 2. Intercept SMS messages (OTP).	View
TrickMo	Banking trojan using overlay attacks and accessibility abuse for credential theft.	1. Overlay attacks to steal banking credentials. 2. Intercept SMS for 2FA bypass. 3. Screen recording and accessibility abuse. 4. Dynamic payload loading via reflection.	View

Quick Start

Step 1. Install via PyPi

Install the latest version of Quark Engine:

$ pip3 install -U quark-engine

Step 2. Download Latest Rules

Fetch the latest rule database:

$ freshquark

Step 3. Run Summary Report

Analyze an APK with the downloaded rules and generate a summary report:

$ quark -a <apk_file> -s

Step 4. View Results

Example output:

Acknowledgments

The Honeynet Project

Google Summer Of Code

Quark-Engine has been participating in the GSoC under the Honeynet Project!

• 2021:
  • YuShiang Dang: New Rule Generation Technique & Make Quark Everywhere Among Security Open Source Projects
  • Sheng-Feng Lu: Replace the core library of Quark-Engine

Stay tuned for the upcoming GSoC! Join the Honeynet Slack chat for more info.

Core Values of Quark Engine Team

• We love battle fields. We embrace uncertainties. We challenge impossibles. We rethink everything. We change the way people think. And the most important of all, we benefit ourselves by benefit others first.