APK Repackaging.

An Android attack technique that unpacks a legitimate APK, modifies its code or resources (ads, trackers, malware, license bypass), repacks and re-signs it, then redistributes the trojanized app through unofficial stores or sideload campaigns. 它属于网络安全的 移动安全 分类。

An Android attack technique that unpacks a legitimate APK, modifies its code or resources (ads, trackers, malware, license bypass), repacks and re-signs it, then redistributes the trojanized app through unofficial stores or sideload campaigns.

APK repackaging is one of the foundational Android malware techniques and remains common in 2024–2026 despite App Bundle distribution. The basic workflow is: download a legitimate APK (or AAB), decompile it with apktool/jadx, modify the smali code or resources to inject ad SDKs, info-stealer payloads, banking-trojan overlays, or license-check removals, repack it, and re-sign with the attacker's key (or a stolen key for sideload-trust). The trojanized APK is then redistributed through alternative app stores, file-sharing sites, SMS-phishing links, or malvertising. Repackaged Android banking trojans (Anatsa, Hydra, GodFather, Cerberus successors) and crack-laden 'modded' apps account for a substantial share of Android malware. Google's mitigations include Play Protect signing comparison, Play Integrity 'app integrity' verdicts that detect that the running APK is not the Play-distributed one, key attestation on developer signing keys, and the broader move to Play Asset Delivery and App Bundles which complicate offline repacking. For developers, defenses include obfuscation (R8/ProGuard), native-code anti-tamper checks, server-side attestation, and behavioral fraud signals.

针对 APK Repackaging 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: APK trojanization, App repackaging。