APK Repackaging.

An Android attack technique that unpacks a legitimate APK, modifies its code or resources (ads, trackers, malware, license bypass), repacks and re-signs it, then redistributes the trojanized app through unofficial stores or sideload campaigns. サイバーセキュリティの モバイルセキュリティ カテゴリに属します。

An Android attack technique that unpacks a legitimate APK, modifies its code or resources (ads, trackers, malware, license bypass), repacks and re-signs it, then redistributes the trojanized app through unofficial stores or sideload campaigns.

APK repackaging is one of the foundational Android malware techniques and remains common in 2024–2026 despite App Bundle distribution. The basic workflow is: download a legitimate APK (or AAB), decompile it with apktool/jadx, modify the smali code or resources to inject ad SDKs, info-stealer payloads, banking-trojan overlays, or license-check removals, repack it, and re-sign with the attacker's key (or a stolen key for sideload-trust). The trojanized APK is then redistributed through alternative app stores, file-sharing sites, SMS-phishing links, or malvertising. Repackaged Android banking trojans (Anatsa, Hydra, GodFather, Cerberus successors) and crack-laden 'modded' apps account for a substantial share of Android malware. Google's mitigations include Play Protect signing comparison, Play Integrity 'app integrity' verdicts that detect that the running APK is not the Play-distributed one, key attestation on developer signing keys, and the broader move to Play Asset Delivery and App Bundles which complicate offline repacking. For developers, defenses include obfuscation (R8/ProGuard), native-code anti-tamper checks, server-side attestation, and behavioral fraud signals.

APK Repackaging に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

一般的な別名: APK trojanization, App repackaging。