live casino online

arrow_back
search
close

AndroidOS_InfectionAds.HRXA

July 16, 2019
 Analysis by: Song Wang
 PLATFORM:

Android

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:
 INFORMATION EXPOSURE:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from app store


This Adware may be downloaded from app stores/third party app stores.

It drops and runs other files on the device.

  TECHNICAL DETAILS

Payload:

Injects files, Communicates with the C&C, Exploits vulnerabilities, Displays ads to victims

Arrival Details

This Adware may be downloaded from app stores/third party app stores.

Mobile Malware Routine

This Adware drops and executes the following file(s):

  • The "core" module of Agent Smith malware. It communicates with the C&C server to get the pre-defined list of infected applications.

It is capable of doing the following:

  • It utilizes the Janus vulnerability to inject the “boot” module into the repacked application. After the next run of the infected app, the “boot” module will run the “patch” module, which hooks the methods from known ad SDKs to its own implementation.
  • It exploits a series of ‘Bundle’ vulnerabilities to install applications without the victim knowing.
  • The 'AD' payload will display ads to the victims.

  SOLUTION

Minimum Scan Engine:

9.850

live casino online Mobile Security Solution

live casino online Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the live casino online Mobile Security apps from the following sites: