© InEvent, Inc. 2024
apktag similar --apk new.apk If the tool returns five other APKs with overlapping URL patterns and native libraries, you know you are looking at a rebranded malware family. To be fair, APKTag is not a disassembler. It won't tell you the logic of the obfuscated C2 callback routine. It doesn't unpack Themida or Alibaba packers. If an app encrypts its strings (as most modern bankers do), APKTag will miss those URLs.
And start searching: apktag search --db android_archive.db --tag "missing_certificate" APKTag won't replace jadx or Ghidra. But if you have ever wasted thirty minutes searching for an APK you know you reversed last month, it will save your sanity. In the chaotic world of Android binaries, it finally offers a card catalog. apktag
# Inotify on a "drop_folder" apktag tag --recursive ./incoming --db ~/my_index.db apktag search --db ~/my_index.db --tag "crypto_mining" --format csv You can also use it as a poor man's VirusTotal. Before manually reversing a new APK, run: apktag similar --apk new
Or grab the prebuilt binaries for Linux, macOS, and Windows from the GitHub releases page . It doesn't unpack Themida or Alibaba packers