Author Topic: Infected app in Google Play Market to analyse.  (Read 1304 times)

0 Members and 1 Guest are viewing this topic.

Offline DimaReporter

  • Newbie
  • *
  • Posts: 3
Infected app in Google Play Market to analyse.
« on: September 27, 2023, 07:26:55 PM »
I would like to provide virus analysts with a link to an app in Play Market that shows ads on top of other apps even without permission and modifies user root security certificates masquerading as a harmless app. Also, check out the user reviews for this app, where people are reporting aggressive ads en masse.
I can't send the apk sample itself, but I think a link to this app on the Play Store will suffice: https://play.google.com/store/apps/details?id=com.scan.ocr.translate.easy
VT test result: https://www.virustotal.com/gui/file/66cb62f81923adc6d195833ac41d0582d3669e787470ba95215518fdccfc84d2?nocache=1
 

Offline DimaReporter

  • Newbie
  • *
  • Posts: 3
Re: Infected app in Google Play Market to analyse.
« Reply #1 on: October 09, 2023, 09:59:06 PM »
This app has been removed from the Google Play Market. But its sample can still be obtained from VirusTotal, please ask Avast to add detection

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88445
  • No support PMs thanks
Re: Infected app in Google Play Market to analyse.
« Reply #2 on: October 09, 2023, 10:31:44 PM »
1. Avast can get undetected samples/uploads from VT as part of the participation is they get undetected samples.

2. Reporting a possible Malicious sample File or Website - https://www.avast.com/report-malicious-file.php.
From the link select File, Click Browse, that will open Explorer, select the file from the location you have it and Submit.
See attached image Avast-Submit-Undetected.png
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DimaReporter

  • Newbie
  • *
  • Posts: 3
Re: Infected app in Google Play Market to analyse.
« Reply #3 on: October 09, 2023, 10:37:24 PM »
1. Avast can get undetected samples/uploads from VT as part of the participation is they get undetected samples.

2. Reporting a possible Malicious sample File or Website - https://www.avast.com/report-malicious-file.php.
From the link select File, Click Browse, that will open Explorer, select the file from the location you have it and Submit.
See attached image Avast-Submit-Undetected.png
How do I send a mobile sample if it was in Play Market and now deleted and I only have its hash?

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88445
  • No support PMs thanks
Re: Infected app in Google Play Market to analyse.
« Reply #4 on: October 10, 2023, 01:47:52 AM »
If you didn't save it and if it has been removed from the Play Store, then point 1 is the only option VT does send un detected samples to contributing AVs if they didn't detect it..

Presumably if the Play Store removed it, then is less of an issue and hopefully before Google would allow it back in the checked it out.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security