The new sandbox, named VirusTotal Droidy, is intended to replace the system launched in 2013. Droidy helps researchers gather information about network communications, SMS-related activity, file system interactions, SQLite database usage, permission grants, Java reflection calls, service actions, receiver registrations, and cryptographic operations.
Information from the Droidy sandbox is available under the Behavior section, where it can be selected from the menu alongside the analysis from the Tencent HABO system. VirusTotal also notes that Droidy's data supplements Tencent HABO as part of the multisandbox project, which aims to aggregate sandbox reports for malware analysis.
Selecting Droidy from the Behavior menu displays some general information about the analyzed file, but users can also retrieve detailed reports to 'dig deeper into connected calls and view screenshots generated when running applications'.
VirusTotal unveils Droidy sandbox, detecting malicious Android applications
Droidy is integrated into other services, such as VirusTotal Graph and VirusTotal Intelligence. VirusTotal states their goal is to provide as much information as possible to help researchers better understand a specific threat.
According to Emiliano Martinez of VirusTotal: 'Sometimes during an investigation, you may not have enough context about a particular threat, to be able to look at connecting URLs, domains, files, IP addresses, etc. So this information is extremely important for users to understand what is happening'.
VirusTotal also announced that it has made some improvements to its macOS sandbox.
You are probably familiar with VirusTotal, the leading free online virus scanning and virus removal tool. Its Droidy sandbox for Android should be a great application for users of this mobile platform.
Recently, a German network security company discovered a remote code execution vulnerability in the CyberArk Enterprise Password Vault application that could endanger user data and information. If you are using this software, make sure to update to the latest patched version or temporarily suspend usage.
