{ "Event": { "analysis": "2", "date": "2017-03-27", "extends_uuid": "", "info": "OSINT - Nasty adware hiding in apps on Google Play Store", "publish_timestamp": "1490600133", "published": true, "threat_level_id": "3", "timestamp": "1490597143", "uuid": "58d8b418-d034-493a-aed5-40bd950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1490597112", "to_ids": false, "type": "link", "uuid": "58d8b423-4e70-4457-9dbf-49c0950d210f", "value": "https://www.zscaler.com/blogs/research/nasty-adware-hiding-apps-google-play-store", "Tag": [ { "colour": "#075200", "local": "0", "name": "admiralty-scale:source-reliability=\"b\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1490597113", "to_ids": false, "type": "text", "uuid": "58d8b435-9d0c-4a98-a250-48a9950d210f", "value": "In our ongoing hunt for malicious apps on Google Play Store, we have come across more than a dozen apps that we have confirmed to be aggressive adware strains, with the ability to add themselves as device administrator on a victim's mobile device.\r\n\r\nAfter a primary analysis of these apps, we confirmed that they do not have any features that require critical device administration privileges. A common theme among all these apps is that they do not display any suspicious activity for the first six hours after installation. This may be an attempt to evade Googles Bouncer. (Bouncer is Google's antivirus system, which executes an app for few minutes and analyzes its behavior before publishing the app on Play Store.)", "Tag": [ { "colour": "#075200", "local": "0", "name": "admiralty-scale:source-reliability=\"b\"", "relationship_type": "" }, { "colour": "#ffffff", "local": "0", "name": "tlp:white", "relationship_type": "" }, { "colour": "#00223b", "local": "0", "name": "osint:source-type=\"blog-post\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596942", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b44e-e59c-4f77-a789-44fb950d210f", "value": "com.barcodescannertvc.vnm" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596942", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b44e-9c70-49bd-87ce-42d7950d210f", "value": "com.fastchargertie.vnm" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596943", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b44f-05c8-4175-b833-4d20950d210f", "value": "com.g8note.screamjump" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596944", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b450-2b94-4147-8699-42a9950d210f", "value": "com.lichviet.lichvannien.lichamduong" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596945", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b451-89a4-415d-969b-4654950d210f", "value": "com.photoeditor.cutphoto.pastephotos" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596946", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b452-a1e0-4b0a-9c2b-42a2950d210f", "value": "com.qrbarcodescanneranh.vn" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596947", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b453-b61c-4bf2-ab6d-4a38950d210f", "value": "com.qrbarcodescanneroeh.vnm" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596948", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b454-e928-47e2-9ab7-45e6950d210f", "value": "com.qrbarcodescannertva.vnm" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596948", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b454-7a18-46b3-acdb-48d3950d210f", "value": "com.qrcodereader.htr.hcm" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596949", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b455-f8a8-4460-a2d9-499e950d210f", "value": "com.smartcompassproto.vnm" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596950", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b456-d38c-4055-a10d-426e950d210f", "value": "com.smartcompasstvc.vnm" }, { "category": "Payload delivery", "comment": "Full list of malicious package names found on Google Play Store", "deleted": false, "disable_correlation": false, "timestamp": "1490596951", "to_ids": true, "type": "mobile-application-id", "uuid": "58d8b457-cab4-4f37-8373-479c950d210f", "value": "game.danhbaidoithe.winday" } ] } }