Spyware for Apex Legends
Apex Legends has gained monumental popularity in a very short time. Naturally, malware writers are trying to capitalize on this craze by disguising malicious apps as Apex Legends.
There is already a slew of YouTube scam videos claiming that Apex Legends can be played on Android, but the links mentioned in such videos usually lead to "verification" sites that simply try to extract sensitive information from the user via surveys.
One such app has the package name yps.eton.application and MD5 253489a49d14719a4c29dc0f5e9f9c79. Upon installation, this app is visible in the app drawer using an Apex Legends icon:
Upon execution, we are directly shown the accessibility screen with an entry for Apex Legends. Normally, when malware needs the Accessibility Service, it shows a fake story/reason to the user to enable it. But in this case I did not see any such thing; perhaps this component did not work for me or is not completely in place.
Same goes for Device Admin privileges:
Code examination reveals that this sample is actually a potent spyware that has been around for a while. A few key capabilities of this spyware are as follows:
It is interesting to note that there are other apps with this package name, and a common thing between all these apps is that their application names are similar to those of already popular apps.
This means the malware writer is trying to pass off his spyware as other popular apps.
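The two observations above (a fixed package name, reused under labels that copy popular apps) can be turned into a triage check over an app inventory. The following is an added example, not code from the original post; the brand allowlist and the sample inventory are constructed assumptions, and only the package name comes from the article.

```python
import unicodedata
from collections import defaultdict

# Indicator taken from the article.
KNOWN_BAD_PACKAGES = {"yps.eton.application"}

# Assumption: brand labels to watch and the package names accepted for them.
# The allowlist entries are constructed placeholders, not real vendor packages.
BRAND_ALLOWLIST = {
    "Apex Legends": set(),                 # no package accepted in this example
    "Example Chat": {"com.example.chat"},  # placeholder brand and package
}

def normalize(label):
    """Fold case, compatibility forms and non-alphanumerics so that
    'ApexLegends', 'Apex Legends' and 'APEX-LEGENDS' compare equal."""
    folded = unicodedata.normalize("NFKC", label).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

BRANDS = {normalize(name): (name, pkgs) for name, pkgs in BRAND_ALLOWLIST.items()}

def triage(inventory):
    """inventory: iterable of (package_name, app_label) pairs.
    Returns {package_name: sorted reasons it deserves analyst review}."""
    labels_by_pkg = defaultdict(set)
    for pkg, label in inventory:
        labels_by_pkg[pkg].add(label)
    findings = defaultdict(set)
    for pkg, labels in labels_by_pkg.items():
        if pkg in KNOWN_BAD_PACKAGES:
            findings[pkg].add("package name matches published indicator")
        if len({normalize(label) for label in labels}) > 1:
            findings[pkg].add("one package name seen under several app labels")
        for label in labels:
            brand = BRANDS.get(normalize(label))
            if brand and pkg not in brand[1]:
                findings[pkg].add(f"label imitates '{brand[0]}' from unlisted package")
    return {pkg: sorted(reasons) for pkg, reasons in findings.items()}

# Constructed sample inventory (package name, label) for demonstration only.
SAMPLE = [
    ("yps.eton.application", "Apex Legends"),
    ("yps.eton.application", "Example Chat"),
    ("com.example.chat", "Example Chat"),
    ("org.example.notes", "Notes"),
]

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```
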