Malware Timeline - 2020

Just like last year, this post lists popular malware seen in 2020. I have uploaded APK files for all the entries that I could to my GitHub repository.

  • Smartphone shopaholic
    - Collects sensitive information about the device
    - Receives commands and executes functions
  • PHA family highlights - Bread
    - Highlights of a large-scale billing fraud family
  • US govt phones with pre-installed malware
    - A variant of Hidden Ads came pre-installed on some devices
  • Malware rising to top of the charts
    - Able to click ad banners, subscribe to services, send/read SMS messages
  • Active Attack Exploiting CVE-2019-2215
    - Uses CVE-2019-2215 to steal the victim's sensitive information
  • Fresh Anubis samples
    - New Anubis samples
  • Coybot
    - A Brazilian banker that shows fake overlays
  • Fake AVs
    - These fake AVs have blacklist files in the assets folder, which are used to rank the apps on the device. A risk rating is assigned based on this list
    - Most of the parameters considered are package names, permissions used and certain activity names, all of which can be spoofed easily by real malicious apps, rendering these AVs inept
  • 17 Android malware spotted on Google Play
    - The off_a or hide_icon parameters from a file in the assets folder are used to hide the icon at a later stage
    - Waits 48 hours before hiding
    - android.intent.action.USER_PRESENT is modified to display ads 4 hours after installation
  • Another possible non-removable trojan
    - Capable of installing apps without user permission; gains revenue through a pay-per-install mechanism
    - Once installed, it makes the .apk file read-only. It then removes/disables apps that can gain root access. This makes it difficult to remove the malware
    - Changes system files so that the system cannot be mounted as a writable partition
    - Prevents apps that reside in /data/data from starting