Trustlook Research

See the latest antivirus research reports from Trustlook.

Fake Antivirus Found on Google Play

“Only when the tide goes out do you discover who’s been swimming naked”. – Warren Buffett We recently found the “Automatic Virus Scanner” (ggg.tools.anti01), an Antivirus app with 100k-500k downloads on Google Play, was actually a “placebo” – in other words, it has no functionality on protection at all. This app is developed on Unity Read More

0Day Malware, 0Day Detect

Authors: Tianfang Guo, Jinjian Zhai The “Fake Amazon Giftcard” is a malware that has been breaking out in the last 48hrs. It’s pretty simple from the technical aspect, but has infected 4,000 devices and caused over 200,000 spam SMS worldwide in less than 24hrs (source: http://goo.gl/cFs2BG). Let’s see what it can do: The app presents itself into a Read More

Alert: Android WebView addJavascriptInterface Code execution Vulnerability

 Update: Trustlook has released a solution to detect this vulnerability within 12 hours of this vulnerability is reported. During the long night, we had to patch android system, changing scheduling code, re-fresh ROM system of all production devices and of course had many beers. This is fun. A Chinese hacker, livers, from wooyun.org has reported a Read More

New Malware Alert: Parasites Android Malware

A new android malware,  Parasites Android Malware, has been reported by my friend Rick’s malware team.  After I got the sample last night, I have done a quick analysis using trustlook’s malware analysis platform. Here you are the detail report. Note: here is Zhi Xu’s original report The malware application general information. Here is the permissions Read More

Craig Young’s POC malware bypassed all security detection

These days mobile malware has become much harder to detect than two year’s ago and everyone is noticing.  The latest is Craig Young, from nCircle’s VERT team (read his blog DEFCON SNEAK PEEK: HOW RISKY IS GOOGLE APPS FOR YOUR BUSINESS and, if you missed it, check out his talk at DEFCON 21, Android WebLogin: Google’s Skeleton Key). Note: Read More