Yaralyze - Free malware detection Tool for Android Devices
Yaralyze is an malware detection tool for Android that relies on two types of static analysis, Yara rule analysis and hashes analysis.
There are currently over 7.26 billion mobile devices globally, meaning that approximately 91.54% of the world's population owns one. Among these devices, around 2.5 billion run on the Android operating system.
As we rely increasingly on our smartphones throughout the day, these devices store a wealth of personal information, making them attractive targets for cybercriminals. The growing importance of mobile devices in our lives necessitates robust security measures to protect against potential threats .
Protect your Android Device with Yaralyze
Yaralyze is an innovative malware detection tool designed specifically for Android devices. It utilizes two primary static analysis techniques: one based on YARA rules and the other focused on hash analysis. This dual approach enhances its effectiveness in identifying malicious applications.
How does it work?
The tool is built on a client-server architecture, enabling the server to be hosted in the cloud. This ensures that users can access it anytime, anywhere, as long as they have the client installed on their mobile device. One of the standout features of Yaralyze is its ability to store and visualize reports, making it easy for users to track malware detection results over time.
Yaralyze boasts an extensive database, leveraging over 130,000 YARA rules and 500,000 hashes of known malware apps sourced from platforms like VirusShare and GitHub.
It's important to note that these rules and hashes are not published in the repository, which adds an extra layer of security and exclusivity to the tool.
This combination of advanced analysis techniques and cloud accessibility positions Yaralyze as a powerful solution for anyone looking to enhance the security of their Android devices.
By continuously updating its database and providing clear visual reports, it empowers users to stay vigilant against emerging threats in the ever-evolving landscape of mobile malware.
¿What is a Yara Rules?
Within the category of static analysis are the Yara rules. Yara rules are a type of malware signature that allows to identify and classify known malware.
The rules have three sections, a meta section where information about the rule itself is usually placed, the strings section where the patterns on which we are going to compare the malware are defined and the conditions section where the condition that the pattern must meet for the file to be considered malware is defined. The yara rules can be extremely complex, so I recommend reading their documentation if you want to understand in more detail how they work.
Another favourable point of yara rules is that they are a current technique that is starting to be widely used by analysts, which means that there are a large number of contributions.
Testing on real malware
Two types of tests were carried out. One type of test consisted of testing the effectiveness of the tool in detecting known malware, using samples of Brata, Sharkbot, Cerberus and Flubot malwares, and the other was to test the speed of analysis.
Source-code and Download
Krypteria
