ARTEMIS: A Modular Platform for Executing, Monitoring and Investigating Suspicious Android Applications
Abstract
Android version fragmentation and the limitations of current tools for effectively monitoring APK execution make malware analysis difficult. This article presents ARTEMIS, a platform based on a microservices architecture capable of orchestrating parallel analyses across heterogeneous instances, tested with 100 emulators (Android 10–14) and physical devices. In a case study with 12,466 malicious APKs, ARTEMIS achieved an installation rate of 98.7% (adaptive architecture) and recovered 80.2% of the APKs that failed due to debugging detection (modular pipeline). ARTEMIS offers large-scale analyses, execution history, and anti-evasion strategies, which are essential for combating modern mobile threats.
