Hi,
I've been looking at incorporating Android heuristic detection for identifying suspicious activity. I can see that some implementations of grabbing dumpsys data and others have been integrated into MVT, but I'm wondering if there's scope for more detection-based analysis?
Here's an example:
https://github.com/0x0v1/MVT-Android-Heuristics/tree/main/batteryusage
This script is designed to analyze the structured output of the adb shell dumpsys batterystats --checkin command. By parsing this system-level battery usage report, the script systematically aggregates per-app battery consumption, tallies wakeups and wakelocks, and flags apps exhibiting suspicious battery drain characteristics. The goal is to identify anomalous background activity that could indicate spyware or stealthy malware.
https://github.com/0x0v1/MVT-Android-Heuristics/blob/main/batteryusage/parse_batterystats.py
This would significantly improve my ability to identify suspicious packages. I've only tested this in development environments and not on live spyware cases yet.
If you have time would appreciate seeing if it has a place in MVT, and if so, maybe testing too to see effectiveness
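As an added illustration of the kind of analysis the issue describes (this is example code written for this page, not the linked `parse_batterystats.py` and not part of MVT): a small parser for `dumpsys batterystats --checkin` output that maps uids to packages from the `uid` lines, sums per-uid `pwi` power (mAh), tallies the `wl` wakelock timers and `apk` alarm wakeups, and then applies a few illustrative heuristics. The sample lines are constructed, the column layouts follow the Android BatteryStats checkin writer as understood here (counts of numeric fields per timer differ between releases, which is why the wakelock parser keys on the `f`/`p`/`bp`/`w`/`d` tags rather than fixed offsets), and the thresholds are placeholders to be tuned against real cases.

```python
import csv
import io
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of `adb shell dumpsys batterystats --checkin` output.
# Every line is "9,<uid>,<i|l|u>,<record type>,<fields...>". Layouts are an
# assumption based on the AOSP checkin writer; real output has many more lines.
SAMPLE = """\
9,0,i,vers,35,186,QP1A.190711.020,QP1A.190711.020
9,0,i,uid,1000,android
9,0,i,uid,10103,com.android.chrome
9,0,i,uid,10157,com.example.syncservice
9,10103,l,wl,"*alarm*",1200,f,0,0,0,0,3400,p,4,0,1500,3400,0,bp,0,0,0,0,0,w,0,0,0,0
9,10157,l,wl,SyncWorker,0,f,0,0,0,0,2450000,p,812,0,9000,2450000,2300000,bp,790,0,9000,2300000,0,w,0,0,0,0
9,10103,l,apk,3,com.android.chrome,com.android.chrome.SyncService,10000,3,3
9,10157,l,apk,640,com.example.syncservice,com.example.syncservice.KeepAlive,5000,640,1
9,1000,l,pwi,uid,30.0,0,0
9,10103,l,pwi,uid,18.7,0,0
9,10157,l,pwi,uid,96.4,0,0
9,0,l,pwi,scrn,120.5,0,0
"""

# Wakelock timer tags emitted by the checkin writer (assumed set).
WL_TAGS = {"f": "full", "p": "partial", "bp": "bg_partial", "w": "window", "d": "draw"}


@dataclass
class AppStats:
    uid: int
    packages: list = field(default_factory=list)
    mah: float = 0.0
    wakelock_ms: dict = field(default_factory=lambda: defaultdict(int))
    wakelock_count: dict = field(default_factory=lambda: defaultdict(int))
    alarm_wakeups: int = 0


def parse_wakelock(fields):
    """fields = everything after the wakelock name on a `wl` line.
    Each timer is written as "<total_ms>,<tag>,<count>,<more numbers>", so the
    token directly before a tag is its time and the one after is its count.
    Returns {timer kind: (ms, count)}."""
    out = {}
    for i, tok in enumerate(fields):
        if tok in WL_TAGS and i >= 1 and i + 1 < len(fields):
            out[WL_TAGS[tok]] = (int(fields[i - 1]), int(fields[i + 1]))
    return out


def parse_checkin(text):
    """Aggregate per-uid battery, wakelock and alarm-wakeup stats."""
    apps = {}

    def get(uid):
        return apps.setdefault(uid, AppStats(uid))

    for row in csv.reader(io.StringIO(text)):  # csv handles the quoted names
        if len(row) < 5 or row[0] != "9":
            continue
        uid, cat, kind, rest = int(row[1]), row[2], row[3], row[4:]
        if kind == "uid" and cat == "i":          # uid -> package mapping
            get(int(rest[0])).packages.append(rest[1])
        elif kind == "pwi" and rest[0] == "uid":  # per-uid computed power, mAh
            get(uid).mah += float(rest[1])
        elif kind == "wl":                        # rest[0] is the wakelock name
            s = get(uid)
            for k, (ms, cnt) in parse_wakelock(rest[1:]).items():
                s.wakelock_ms[k] += ms
                s.wakelock_count[k] += cnt
        elif kind == "apk":                       # rest[0] is the alarm wakeup count
            get(uid).alarm_wakeups += int(rest[0])
    return apps


def flag_suspicious(apps, drain_share=0.25, min_partial_count=500,
                    bg_ratio=0.8, min_alarm_wakeups=200):
    """Illustrative heuristics (thresholds are placeholders, not tuned values).
    Returns {uid: [reason, ...]} for every uid that trips at least one check."""
    total = sum(a.mah for a in apps.values()) or 1.0
    findings = {}
    for a in apps.values():
        reasons = []
        if a.mah / total >= drain_share:
            reasons.append(f"{a.mah / total:.0%} of per-app drain")
        if a.wakelock_count["partial"] >= min_partial_count:
            reasons.append(f"{a.wakelock_count['partial']} partial wakelocks")
        p_ms, bp_ms = a.wakelock_ms["partial"], a.wakelock_ms["bg_partial"]
        if p_ms and bp_ms / p_ms >= bg_ratio:  # CPU held awake mostly while not visible
            reasons.append(f"{bp_ms / p_ms:.0%} of partial wakelock time in background")
        if a.alarm_wakeups >= min_alarm_wakeups:
            reasons.append(f"{a.alarm_wakeups} alarm wakeups")
        if reasons:
            findings[a.uid] = reasons
    return findings


if __name__ == "__main__":
    apps = parse_checkin(SAMPLE)
    for uid, reasons in flag_suspicious(apps).items():
        print(uid, apps[uid].packages, "; ".join(reasons))
```

Two caveats for anyone trying this against a real device: batterystats counters are cumulative since the last reset (the stats are reset when the device is unplugged after a full charge, or explicitly with `dumpsys batterystats --reset`), so ratios are only meaningful over a known window, and a high-drain uid is a lead rather than a verdict, since legitimate sync and messaging apps also hold background partial wakelocks.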