Skill

analyzing-android-malware-with-apktool

Performs static analysis of Android APK malware using apktool, jadx, and androguard to extract permissions, suspicious API calls, and C2 indicators.

Android

Python

security

mobile

npx claudepluginhub 26zl/cybersec-toolkit --plugin cybersec-toolkit

Popularity

Stars

Forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/cybersec-toolkit:analyzing-android-malware-with-apktool

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Android malware distributed as APK files can be statically analyzed to extract permissions, activities, services, broadcast receivers, and suspicious API calls without executing the sample. This skill uses androguard for programmatic APK analysis, identifying dangerous permission combinations, obfuscated code patterns, dynamic code loading, reflection-based API calls, and network communication ...

SKILL.md

62 lines · ~556 tokens

Similar Skills

analyzing-android-malware-with-apktool

13.2k

Performs static analysis of Android APK malware using apktool, jadx, and androguard to extract permissions, suspicious API calls, and C2 indicators.

3 files

cybersecurity-skills

analyzing-android-malware-with-apktool

Performs static analysis of Android APK malware using apktool for decompilation, jadx for Java source recovery, and androguard for permissions, manifest, and suspicious API detection.

asi

analyzing-android-malware-with-apktool

Performs static analysis on Android APK malware using apktool for decompilation, jadx for Java source recovery, and androguard for permissions, manifest checks, suspicious APIs, and risk reports.

3 files

cybersecurity-skills-zh

Stats

LanguagePython

Stars11

Forks2

MaintenanceExcellent

Last CommitJun 10, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Analyzing Android Malware with Apktool

Overview

When to Use

When investigating security incidents that require analyzing android malware with apktool

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.9+ with androguard

apktool (for resource decompilation)

jadx (for Java source recovery, optional)

Isolated analysis environment (VM or sandbox)

Sample APK files for analysis

Steps

Parse APK with androguard to extract manifest metadata

Enumerate requested permissions and flag dangerous combinations

List activities, services, receivers, and providers from manifest

Scan for suspicious API calls (reflection, crypto, SMS, telephony)

Detect dynamic code loading patterns (DexClassLoader, Runtime.exec)

Extract hardcoded URLs, IPs, and C2 indicators from strings

Generate risk assessment report with MITRE ATT&CK mobile mappings

Expected Output

JSON report with permission analysis, component listing, suspicious API calls, network indicators, and risk score

Extracted strings and potential IOCs from the APK