Apparatus and method for detecting malicious applications

PURPOSE: A device for diagnosing a malicious application, and a method thereof, are provided. For the executable file of a malicious application that runs in a mobile OS environment, they use common feature information that is difficult to change in variant files of that executable.

CONSTITUTION: A signature storage unit (140) stores, as signature data for diagnosing the malicious application, common feature information of a malicious application executable file executed in a mobile OS environment and of the variant files of that executable file. A diagnosis rule storage unit (150) stores a diagnosis rule that determines whether an executable file is malicious by combining the common feature information. An information collecting unit (110) collects, according to the diagnosis rule, the information corresponding to the common feature information from the executable file.

[Reference numerals] (110) Information collecting unit; (120) Diagnosis discriminating unit; (130) Setting unit; (140) Signature storage unit; (150) Diagnosis rule storage unit; (160) Result providing unit