Hey, fellow mobile malware researchers! During the #COVID19 crisis, lots of actors started to design apps aimed at phishing users into downloading and installing malware. We are therefore making our internal customized telemetry for Covid19 public, here:
https://t.co/Rv2d2Gsp0E
left a few things out -- the additional downloaded APK is: 2971c15d7534dffd37535535d5dba4479355f153 [SHA-1] via haeundaejugong[.]com | GET /data/app.php?type=apk&value=replace & signing cert has been used for multiple apps: 2be2bc2a98e47e1468248f7ddcfd5ca3 [MD5] h/t @apklabio
Happy New Year from the https://t.co/WIJSa61qSk Team!
What's new?
🎁 Support for Android 11. Now you can select from each binary (.apk) options, in which Android version you want to perform the analysis.
@avast_antivirus @AvastThreatLabs
Threat Intelligence:
iOS and Android "Shocking" scams spreading via TikTok - 7 apps with 2.4M+ downloads.
Some feature HiddenAds adware while others charge exorbitant amounts for fake 'Shock your friends' apps.
More details here: https://t.co/SjKyl9sMY2 kudos to @JVAvast
Avast's Mobile Threat Labs team, @apklabio discovered a #Cerberus banking #Trojan on #GooglePlay targeting Android users—disguised as a genuine app to access banking data of unsuspecting users. Avast reported it to Google so they can quickly remove it.
https://t.co/MqAReAFg3J
Long time no see! #Cerberus banker dropper found again in @GooglePlay. Masks as currency convertor act as currency stealer.
Target users in Spain, incl. @GooglePlay geo-restrictions.
Hash: https://t.co/4KT3D9liu9
Multiple versions have been uploaded before activation.
Uses a native library https://t.co/fiHfj6IJL1 to drop/load the banker.
This lib is present in multiple versions of the app, at least since v 1.0.17, removed again in later versions 1.0.24+, became active only recently.