近期的样本分析中,因需要清理类似的插件化恶意应用,我们针对性的对此类应用进行了排查。我们扫描了上万来自某应用市场的样本,其中样本的种类分布如下:这次的扫描结果也令我们大为吃惊,我们最终发现了100余款恶意的APP,此类APP多数为游戏或工具类软件,以下是其中部分恶意软件的应用名称:这些应用少有几万,多则百万的下载量,且重打包并植入了恶意代码,可见其影响力巨大!仅一个渠道就有上百的恶意应用,难以想象有多少恶意应用被分发出去。列表中已经下架的一款应用,下架前有着百万的下载量,现已通过更换图标以及特征的方式重新上架,这样便可以在被杀毒检测出来后,更改掉自身的指纹规避查杀,此技术俗称为免杀。换了马甲重新来过,可谓野火烧不尽,春风吹又生。 ...
几个月前,Trustlook安全研究人员在使用其移动样本深度分析审核平台App Insight对国内某应用商店进行常规审核时,截获了一款利用沙盒技术规避查杀的流量木马,进而顺藤摸瓜,挖掘出了背后的黑产利益链。(传送门:https://blog.trustlook.com/hei-chan-li-qi-an-zhuo-duo-kai/)虽然文章在当时引起了很大的反响,但最近我们发现该作案团伙的活动并未姑息,而是依旧活跃在各大应用商店等渠道,进行着不法牟利。本月,我们通过App Insight再次拦截到了一部分样本,并从中抽取了其中一款APP的存档:截至目前,该应用在某应用商店已经高达228余万次的下载,在其他的各应用商店也近百万的下载。我们通过研究发现该应用具备极高的威胁: ...
There are more and more unethical hackers tampering legit mobile applications. By injecting Ads or virus code, and then publishing the repackaged applications on ...
Part1 从样本看Virtual App在黑产中的应用4月初,Trustlook安全研究人员在使用App Insight对国内某商店进行常规审核时,截获了一个名为“换机精灵”的样本,该应用作为一款换机工具,实则为恶意刷量木马,截止我们发现样本的当日,该应用在国内各大软件市场拥有高达上亿次下载,以下为样本的存档信息: 该恶意软件具备极高的威胁: 具备远程控制的安装任意应用/插件并执行的后门; 利用沙盘技术并主动检测各类杀毒软件逃避检测; 脚本模拟点击、恶意创建桌面快捷方式等; 申请大量权限,收集设备隐私数据并传输到 ky.5rob.com ...
A Trojan disguised as a keyboard app performs various operations on a user’s deviceTrustlook Labs discovered a Trojan taking advantage of the “su” ...
New study reveals shocking statistics on ransomwareIf you think ransomware is a problem that impacts only deep-pocketed big businesses like hospitals or banks, new ...
Banks in South Korea recently started to offer customers a text messaging option to access accounts and authenticate transactions. It was reported that a ...
Trustlook Mobile Security has researched an app (MD5: 67257EA2E9EC6B35C9E5245927980EEA) that is packed/encrypted by Baidu Protect, the service provided by Baidu. Users can upload ...
360 researchers (Alpha Team) has recently uncovered a vulnerability that affects millions of Android phones. Since it is especially widespread in China and can ...
We reported last week that BadKernel, a flaw in the Google Chromium mobile browser framework that spreads as users click on malicious links, affects ...
An Updated Version (Version 3.5.10) of the Trustlook Mobile Security App Identifies the BadKernel Issue Affecting 30 Million Android UsersTrustlook has released ...
Trustlook has released a new feature in its Trustlook Mobile Security app that proactively notifies users of any new malware on their device. Instead ...