
An Obfuscation-Neglect Android Malware Scoring System

Project description


Malware Family Analysis Report Showcase

| Family | Summary | Signature Behaviors |
| --- | --- | --- |
| DroidKungFu | Privilege escalation with C2 control. | 1. Gain unlimited access to a device. 2. Install/uninstall additional apps. 3. Forward confidential data. |
| GoldDream | SMS/call log exfiltration with remote C2 commands. | 1. Monitor SMS messages and phone calls. 2. Upload SMS messages and phone calls to remote servers. |
| SpyNote | Credential theft and device surveillance via RAT. | 1. Take screenshots. 2. Simulate user gestures. 3. Log user input. 4. Communicate with C2 servers. |
| DawDropper | Dropper that installs banking trojans for financial theft. | 1. Download APKs from remote servers. 2. Install additional APKs. |
| SLocker | Android ransomware locking/encrypting devices. | 1. Lock the device with an overlay screen. |
| PhantomCard | NFC relay–based financial fraud. | 1. Communicate with C2 servers. 2. Read the payment data of NFC cards. 3. Capture PINs of NFC cards through deceptive screens. |
| ToxicPanda | Banking trojan enabling on-device fraud. | 1. Abuse Accessibility. 2. Remote device control. 3. Intercept OTP. |
| Hydra | Banking trojan using overlay attacks. | 1. Overlay credential theft. 2. Accessibility abuse. 3. Steal OTP/cookies. |
| SharkBot | Banking trojan targeting financial credentials and transactions. | 1. Abuse Accessibility services. 2. Perform overlay attacks to steal credentials. 3. Intercept SMS messages (OTP). |
| Antidot | Banking trojan disguised as legitimate updates for financial data theft. | 1. Intercept SMS messages (OTP). 2. Log user input (keylogging). 3. Enable remote control via C2. |
| Arsink | Banking trojan focusing on credential and financial data exfiltration. | 1. Steal sensitive data from device. 2. Intercept SMS messages (OTP). |
| TrickMo | Banking trojan using overlay attacks and accessibility abuse for credential theft. | 1. Overlay attacks to steal banking credentials. 2. Intercept SMS for 2FA bypass. 3. Screen recording and accessibility abuse. 4. Dynamic payload loading via reflection. |
| Anubis | Banking trojan with RAT capabilities. | 1. Overlay credential theft. 2. Keylogging. 3. Intercept SMS (OTP). 4. Remote control via C2. |
| GodFather | Banking trojan targeting financial credentials through overlay and accessibility abuse. | 1. Perform overlay attacks to steal credentials. 2. Abuse Accessibility services. 3. Intercept SMS messages (OTP). 4. Steal banking credentials and sensitive data. |
| TangleBot | SMS-based Android malware stealing personal and financial data. | 1. Spread through SMS phishing links. 2. Control device interactions and overlay screens. 3. Access SMS, contacts, call logs, camera, and microphone. 4. Steal account and financial information. |
| BRATA | Banking trojan with remote control and anti-analysis capabilities. | 1. Perform overlay attacks to steal banking credentials. 2. Abuse Accessibility services for device control. 3. Intercept SMS messages (OTP). 4. Execute factory reset or device wipe commands. |

Quick Start

Step 1. Install via PyPi

Install the latest version of Quark Engine:

$ pip3 install -U quark-engine

Step 2. Download Latest Rules

Fetch the latest rule database:

$ freshquark

Step 3. Run Summary Report

Analyze an APK with the downloaded rules and generate a summary report:

$ quark -a <apk_file> -s

Step 4. View Results

Example output: screenshot of the summary report (image not reproduced here).
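Step 1 installs whatever PyPI currently serves; an analysis tool that runs against hostile input is a natural place to pin the install to the distribution hashes listed further down this page. The script below is an added example, not part of the Quark Engine README: the version and SHA256 digests are copied from the "File hashes" sections of this page, and `pip-compile` (from pip-tools) is mentioned only as one way to produce hash pins for the dependencies.

```shell
#!/bin/sh
# Added example (not Quark Engine's own code): pin the quark-engine install to
# the SHA256 digests published on this PyPI page. Values copied from the page.
QUARK_VERSION="26.6.1"
SDIST_SHA256="8fa0341a8e5239b83d4b888976c25c5212359501c3c973c7663e41f854501c9d"
WHEEL_SHA256="80f55069c4a462249207df7aa984fcec77a9eb0f2341e0bf82513eae33e8c1e6"

# Write a requirements file that accepts either the sdist or the wheel of this
# exact version and nothing else. pip's --require-hashes mode then refuses any
# file whose digest does not match one of the listed hashes.
write_pinned_requirements() {
    out="$1"
    printf 'quark-engine==%s \\\n    --hash=sha256:%s \\\n    --hash=sha256:%s\n' \
        "$QUARK_VERSION" "$SDIST_SHA256" "$WHEEL_SHA256" > "$out"
}

# Check an already-downloaded distribution against a published digest.
# Returns 0 on match, 1 on mismatch. Uses sha256sum (GNU) or shasum (BSD/macOS).
verify_sha256() {
    file="$1"
    expected="$2"
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
    fi
    [ "$actual" = "$expected" ]
}

# Usage (network required for the install itself):
#   write_pinned_requirements requirements.txt
#   pip3 install --no-deps --require-hashes -r requirements.txt
# --no-deps is used because --require-hashes demands a hash for every package
# in the file; a fully pinned file including the dependencies can be produced
# with `pip-compile --generate-hashes` from pip-tools.
```

`pip3 download --no-deps quark-engine==26.6.1 -d dist/` fetches the file locally so `verify_sha256` can be run against it before installation.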

Acknowledgments

The Honeynet Project


Google Summer Of Code

Quark-Engine has been participating in the GSoC under the Honeynet Project!

Stay tuned for the upcoming GSoC! Join the Honeynet Slack chat for more info.

Core Values of Quark Engine Team

  • We love battle fields. We embrace uncertainties. We challenge impossibles. We rethink everything. We change the way people think. And most important of all, we benefit ourselves by benefiting others first.

Project details



Download files


Source Distribution

quark_engine-26.6.1.tar.gz (106.2 kB, source)

Built Distribution


quark_engine-26.6.1-py3-none-any.whl (128.2 kB, Python 3)

File details

Details for the file quark_engine-26.6.1.tar.gz.

File metadata

  • Download URL: quark_engine-26.6.1.tar.gz
  • Size: 106.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for quark_engine-26.6.1.tar.gz

  • SHA256: 8fa0341a8e5239b83d4b888976c25c5212359501c3c973c7663e41f854501c9d
  • MD5: d8a2b48b00dc479c71cccfa419d32fcb
  • BLAKE2b-256: 0856d44ec39b95937c712cf4aa3c3e7c0ec4cbc0c950dc30eec3c126ab075905

File details

Details for the file quark_engine-26.6.1-py3-none-any.whl.

File metadata

  • Download URL: quark_engine-26.6.1-py3-none-any.whl
  • Size: 128.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for quark_engine-26.6.1-py3-none-any.whl

  • SHA256: 80f55069c4a462249207df7aa984fcec77a9eb0f2341e0bf82513eae33e8c1e6
  • MD5: 395b709e3c49c2eb69a0403845cb6437
  • BLAKE2b-256: 9ddd6a0ab36d4789263363a87543f3d7af24880c4ffac9b6ed42e43c9341dac3
