https://github.com/UDcide/udcide

Android Malware Behavior Deleter
https://github.com/UDcide/udcide

android antivirus editor malware security security-tools

Last synced: about 2 months ago
JSON representation

Android Malware Behavior Deleter

• Host: GitHub
• URL: https://github.com/UDcide/udcide
• Owner: UDcide
• License: gpl-3.0
• Created: 2021-05-06T08:19:41.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2021-06-02T05:17:25.000Z (over 4 years ago)
• Last Synced: 2024-04-15T04:12:36.234Z (over 1 year ago)
• Topics: android, antivirus, editor, malware, security, security-tools
• Language: Python
• Homepage:
• Size: 35.8 MB
• Stars: 31
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-security - UDcide - Android Malware Behavior Editor. (Endpoint / Mobile / Android / iOS)
• venom - `UDcide` - Android Malware Behavior Editor. (Endpoint / Mobile / Android / iOS)

README

          


    

     Android Malware Behavior Deleter 





    

        

    

    

        

    

        

        

    

        

        

    



# UDcide

UDcide is a tool that provides alternative way to deal with Android malware. We help you to detect and remove specific behaviors in the malware rather than just delete the whole binary. And surprisingly, we make the binary runs still. This enables possibilities of malware investigation (e.g. Delete behaviors like VM detection, icon hiding etc. Helping analysts overcome malware evasion problems during the analysis).

![](https://i.imgur.com/TrvdsEr.gif)

## Getting Started With VScode Extension

We also provide a VScode extension to use UDcide, download from [Marketplace](https://marketplace.visualstudio.com/items?itemName=Aparna.udcide) and see the usage below.

- `(Ctrl + Shift + P)` to open command palette -> `UDcide: Android Malware Behavior Deleter` -> Choose an APK file

![](https://i.imgur.com/zUS3qaN.gif)

- Select behaviors to disable -> Click `Rebuild`

![](https://i.imgur.com/UiPSO1u.gif)

## Showcase

This is a showcase which the malware hides its icon after user clicks on it.

As you can see, the icon of the malware disappear right after the user clicks.

![](https://i.imgur.com/jCqxOp2.gif)

With UDcide, we remove this behavior, got this malware no where to hide.

![](https://i.imgur.com/WRc8iKy.gif)

### Showcase for VScode Extension

This is the same showcase but using VScode extension to disable the behavior.



Disable the behavior by using UDcide VScode extension.



## Requirements

+ dialog >= 1.3-20190808

+ JDK >= 11

+ Apktool >= 2.5.0

## Installation

```bash

git clone https://github.com/UDcide/udcide.git

cd udcide

pipenv install

pipenv run python udcide/cli.py 

```