Select release
Introduction

Home

Installation

Configuration

Usage

Advanced Topics

RASP Module

Antivirus Module

Client Identification Change

Repackaging Detection

Configuration of the Antivirus UI

Demo Application

Android Native Library

Apple Native Library

Antivirus Module

View product v1.0.2

The Antivirus module is currently supported only on the Android platform. Therefore, before you start using it, ensure that the functionality is supported on the platform:

// The rest of this document will use `antivirus` constant in the examples.
const antivirus = Malwarelytics.sharedInstance.antivirus;
if (!antivirus.isSupported) {
    throw new Error("Antivirus is not supported on this platform")
}

If Antivirus is available, then you can optionally test whether it’s enabled:

if (!await antivirus.isEnabled()) {
    throw new Error("Antivirus is not enabled, check your config");
}

The antivirus is by default enabled, but you can disable it in the configuration.

Evaluate threats

To get the list of all applications with evaluated threat index use:

const threats = await antivirus.getThreatList();
threats.forEach((threat) => {
    const ti = threat.threatIndex;
    if (ti == 'HIGHLY_DANGEROUS' || ti == 'MALWARE') {
        console.log(`App ${threat.packageName} is ${ti}`);
    }
});

The function above will return all apks installed on the system. To get the filtered list by minimum threat index, use:

const threats = await antivirus.getFilteredThreatList('DANGEROUS');
threats.forEach((threat) => {
    console.log(`App ${threat.packageName} is ${threat.threatIndex}`);
});

You can get more information from the list, such as detected Malware name. Check ApkThreat interface for more details.

Threat levels

The following threat index levels are defined:

  • MALWARE
    • The found threats clearly indicate that the app is a malware.
  • HIGHLY_DANGEROUS
    • The found threats indicate that the app is highly dangerous to the current app. It uses multiple potential attack vectors including techniques directly targeting the current app.
  • DANGEROUS
    • The found threats indicate that the app is dangerous to the current app. Is uses multiple potential attack vectors. However, no technique directly targeting the current app was detected.
  • POTENTIALLY_UNWANTED_APP
    • The found threats indicate that the app might be potentially dangerous. For example it declares potentially dangerous permissions. However it it quite possible that the app is legitimate.
  • SAFE
    • There are no found threats.
  • UNKNOWN
    • The threat is unknown. The app was probably not found. In case of suggestions, there’s none.

Trigger Smart Protection Update

To trigger a Smart Protection update and evaluation use the follwing code:

const onlineUpdate = true;
const result = await antivirus.triggerSmartProtection(onlineUpdate);
if (!result.onlineUpdateSucceeded) {
    console.log('Update from server failed');
}
if (!result.evaluationSucceeded) {
    console.log('Evaluation failed');
}
if (result.uiDisplayed) {
    // Smart Protection screen is now displayed
}

The operation above might result in displaying a UI (based on the found threats). Note that the UI will be displayed (if the config allows it) after a small delay. That’s because the method performs update and evaluation first.

If you want to change visual style of the displayed UI then follow instructions in Configuration of the Antivirus UI for Android document.

Change language

// Change the language used in the Smart Protection UI
await antivirus.setCustomLocalization('cs');
// Change back to the default language
await antivirus.setCustomLocalization(undefined);
// Get the current language
const currentLanguage = await antivirus.getCustomLocalization();
Last updated on May 09, 2023 (14:32) View product
On this page:
Search

1.0.x

Malwarelytics for React Native