Multi-Agent Parallel Analysis of an Android Banking Trojan
Analysts used AVL Code — driven by the Landi N2.5 model — to run a multi-agent parallel analysis of a malicious Android app, confirming it as an Android banking trojan masquerading as a legitimate application.
Built with AVL Code + the Landi model
Overview
Targeting a malicious Android app, AVL Code — driven by the Landi N2.5 model — ran a multi-agent parallel analysis that completed the full deep-analysis pipeline in about 95 seconds. The trojan disguises itself as a legitimate app, embeds 14+ phishing interfaces targeting Chinese and Indian bank/payment platforms, and steals payment credentials via overlay attacks, WebView man-in-the-middle attacks and SMS interception of OTPs — with anti-uninstall persistence, file theft, multi-DEX obfuscation and high-entropy encryption as adversarial traits, rating a Critical threat level.
Key results
- Fully revealed 7 major malicious capabilities and precisely mapped 14 targets across Chinese and Indian bank/payment platforms
- Extracted a complete IOC list and produced YARA detection rules ready to deploy on the detection line
- Completed the full deep analysis in about 95 seconds via multi-agent parallelism, classifying the sample as a Critical-severity Android banking trojan
Technical highlights
Practical value
The IOC list and YARA rules can be deployed straight onto the detection line for real-time blocking; the exposed techniques inform defensive-policy tuning; and the multi-agent parallel-analysis workflow serves as a standardized, reusable methodology for rapid triage of similar malware, raising threat-response efficiency.
Artifacts
Session replays & reports are original records in Simplified Chinese · Built with AVL Code + the Landi model
