Oleh Diposting pada

Authored by SangRyol Ryu, McAfee Threat Researcher

We live in a world where advertisements are everywhere, and it’s no surprise that users are becoming tired of them. By contrast, developers are driven by profit and seek to incorporate more advertisements into their apps. However, there exist certain apps that manage to generate profit without subjecting users to the annoyance of ads. Is this really good?  

Recently, McAfee’s Mobile Research Team discovered a concerning practice among some apps distributed through Google Play. These apps load ads while the device’s screen is off, which might initially seem convenient for users. However, it’s a clear violation of Google Play Developer policy on how ads should be displayed. This affects not only the advertisers who pay for invisible Ads, but also the users as it drains battery, consumes data and poses potential risks such as information leaks and disruption of user profiling caused by Clicker behavior. 

The team has identified 43 apps that collectively downloaded 2.5 million times. Among the targeted apps are TV/DMB Player, Music Downloader, News, and Calendar applications. McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. We reported the discovered apps to Google, which took prompt action. Most apps are no longer available on Google Play while others are updated by the developer. McAfee Mobile Security detects this threat as Android/Clicker. For more information, and to get fully protected, visit McAfee Mobile Security. 

Many affected apps

How does it work? 

This ad fraud library uses specific tactics to avoid detection and inspection. It deliberately delays the initiation of its fraudulent activities, creating a latent period from the time of installation. What’s more, all the intricate configurations of this library can be remotely modified and pushed using Firebase Storage or Messaging service. These factors significantly add to the complexity of identifying and analyzing this fraudulent behavior. Notably, the latent period typically spans several weeks, which makes it challenging to detect. 

Getting latent period by using Firebase Messaging Service 

It is important to be cautious about the implications of granting permissions, such as excluding ‘power saving’ and allowing ‘draw over other apps’. These permissions can enable certain activities to occur discreetly in the background, raising concerns about the intentions and behavior of the applications or libraries in question. Allowing these permissions can result in more malicious behavior, such as displaying phishing pages, also to displaying ads in the background. 

Asked permissions to run in the background and keep it hidden 

When the device screen is turned off after the latent period, the fetching and loading of ads starts, resulting in users being unaware of the presence of running advertisements on their devices. This ad library registers device information by accessing the unique domain (ex: mppado.oooocooo.com) linked with the application. Then go to Firebase Storage to get the specific advertisement URL and show the ads. It is important to note that this process consumes power and mobile data resources. 

Observed traffic when the screen off 

If users quickly turn on their screens at this point, they might catch a glimpse of the ad before it is automatically closed. 

Example of an advertising site displayed when the screen is off 

In conclusion, it is essential for users to exercise caution and carefully evaluate the necessity of granting permissions like power saving exclusion, or draw over other apps before allowing them. While these permissions might be required for certain legitimate functionalities for running in the background, it is important to consider the potential risks linked with them, such as enabling hidden behaviors or reducing the relevance of ads and contents displayed to users because the hidden Clicker behavior. By using McAfee Mobile Security products, users can further safeguard their devices and mitigate the risks linked with these kinds of malware, providing a safer and more secure experience. For more information, visit McAfee Mobile Security

 

Indicators of Compromise (IoC’s)

Domains:

best.7080music.com 

m.gooogoole.com 

barocom.mgooogl.com 

newcom.mgooogl.com 

easydmb.mgooogl.com 

freekr.mgooogl.com 

fivedmb.mgooogl.com 

krlive.mgooogl.com 

sixdmb.mgooogl.com 

onairshop.mgooogle.com 

livedmb.mgooogle.com 

krbaro.mgooogle.com 

onairlive.mgooogle.com 

krdmb.mgooogle.com 

onairbest.ocooooo.com 

dmbtv.ocooooo.com 

ringtones.ocooooo.com 

onairmedia.ocooooo.com 

onairnine.ocooooo.com 

liveplay.oocooooo.com 

liveplus.oocooooo.com 

liveonair.oocooooo.com 

eightonair.oocooooo.com 

krmedia.oocooooo.com 

kronair.oocooooo.com 

newkrbada.ooooccoo.com 

trot.ooooccoo.com 

thememusic.ooooccoo.com 

trot.ooooccoo.com 

goodkrsea.ooooccoo.com 

krlive.ooooccoo.com 

news.ooooccoo.com 

bestpado.ooooccoo.com 

krtv.oooocooo.com 

onairbaro.oooocooo.com 

barolive.oooocooo.com 

mppado.oooocooo.com 

dmblive.oooocooo.com 

baromedia.oooocooo.com 

musicbada.oouooo.com 

barolive.oouooo.com 

sea.oouooo.com 

blackmusic.oouooo.com 

Android Packages 

Package Name  Application Name  SHA256  Google Play Downloads 
band.kr.com  DMB TV  f3e5aebdbd5cd94606211b04684730656e0eeb1d08f4457062e25e7f05d1c2d1  10,000+ 
com.dmb.media  DMB TV  6aaaa6f579f6a1904dcf38315607d6a5a2ca15cc78920743cf85cc4b0b892050  100,000+ 
dmb.onair.media  DMB TV  a98c5170da2fdee71b699ee145bfe4bdcb586b623bbb364a93bb8bdf8dbc4537  10,000+ 
easy.kr  DMB TV  5ec8244b2b1f516fd96b0574dc044dd40076ff7aa7dadb02dfefbd92fc3774bf  100,000+ 
kr.dmb.onair  DMB TV  e81c0fef52065864ee5021e1d4c7c78d6a407579e1d48fc4cf5551ff0540fdb8  5,000+ 
livedmb.kr  DMB TV  33e5606983526757fef2f6c1da26474f4f9bf34e966d3c204772de45f42a6107  50,000+ 
stream.kr.com  DMB TV  a13e26bce41f601a9fafdec8003c5fd14908856afbab63706b133318bc61b769  100+ 
com.breakingnews.player  뉴스 속보  d27b8e07b7d79086af2fa805ef8d77ee51d86a02d81f2b8236febb92cb9b242d  10,000+ 
jowonsoft.android.calendar  달력  46757b1f785f2b3cec2906a97597b7db4bfba168086b60dd6d58d5a8aef9e874  10,000+ 
com.music.free.bada  뮤직다운  a3fe9f9b531ab6fe79ed886909f9520a0d0ae98cf11a98f061dc179800aa5931  100,000+ 
com.musicdown  뮤직다운  5f8eb3f86fc608f9de495ff0e65b866a78c25a9260da04ebca461784f039ba16  5,000+ 
new.kr.com  뮤직다운  397373c39352ef63786fe70923a58d26cdf9b23fa662f3133ebcbc0c5b837b66  100,000+ 
baro.com  바로TV  3b4302d00e21cbf691ddb20b55b045712bad7fa71eb570dd8d3d41b8d16ce919  10,000+ 
baro.live.tv  바로TV  760aa1a6c0d1e8e4e2d3258e197ce704994b24e8edfd48ef7558454893796ebe  50,000+ 
baro.onair.media  바로TV  b83a346e18ca20ac5165bc1ce1c8807e89d05abc6a1df0adc3f1f0ad4bb5cd0c  10,000+ 
kr.baro.dmb  바로TV  84a4426b1f8ea2ddb66f12ef383a0762a011d98ff96c27a0122558babdaf0765  100,000+ 
kr.live  바로TV  cccfdf95f74add21da546a03c8ec06c7832ba11091c6d491b0aadaf0e2e57bcc  1,000+ 
newlive.com  바로TV  c76af429fabcfd73066302eeb9dd1235fd181583e6ee9ee9015952e20b4f65bf  50,000+ 
onair.baro.media  바로TV  6c61059da2ae3a8d130c50295370baad13866d7e5dc847f620ad171cc01a39e9  10,000+ 
freemusic.ringtone.player  벨소리 무료다운  75c74e204d5695c75209b74b10b3469babec1f7ef84c7a7facb5b5e91be0ae3e  100,000+ 
com.app.allplayer  실시간 TV  8d881890cfa071f49301cfe9add6442d633c01935811b6caced813de5c6c6534  50,000+ 
com.onair.shop  실시간 TV  1501dd8267240b0db0ba00e7bde647733230383d6b67678fc6f0c7f3962bd0d3  50,000+ 
eight.krdmb.onair  실시간 TV  bbd6ddbfee7482fe3fe8b5d96f3be85e09352711a36cd8cf88cfdeaf6ff90c79  10,000+ 
free.kr  실시간 TV  5f864aa88de07a10045849a7906f616d079eef94cd463e40036760f712361f79  10,000+ 
kr.dmb.nine  실시간 TV  ea49ad38dd7500a6ac12613afe705eb1a4bcab5bcd77ef24f2b9a480a34e4f46  100,000+ 
kr.live.com  실시간 TV  f09cff8a05a92ddf388e56ecd66644bf88d826c5b2a4419f371721429c1359a7  10,000+ 
kr.live.onair  실시간 TV  e8d2068d086d376f1b78d9e510a873ba1abd59703c2267224aa58d3fca2cacbd  100,000+ 
kr.live.tv  실시간 TV  1b64283e5d7e91cae91643a7dcdde74a188ea8bde1cf745159aac76a3417346e  50,000+ 
kr.media.onair  실시간 TV  bd0ac9b7717f710e74088df480bde629e54289a61fc23bee60fd0ea560d39952  100,000+ 
kr.onair.media  실시간 TV  d7dd4766043d4f7f640c7c3fabd08b1a7ccbb93eba88cf766a0de008a569ae4d  1,000+ 
live.kr.onair  실시간 TV  b84b22bc0146f48982105945bbab233fc21306f0f95503a1f2f578c1149d7e46  10,000+ 
live.play.com  실시간 TV  516032d21edc2ef4fef389d999df76603538d1bbd9d357a995e3ce4f274a9922  50,000+ 
new.com  실시간 TV  5d07a113ce389e430bab70a5409f5d7ca261bcdb47e4d8047ae7f3507f044b08  50,000+ 
newlive.kr  실시간 TV  afc8c1c6f74abfadd8b0490b454eebd7f68c7706a748e4f67acb127ce9772cdb  100,000+ 
onair.best  실시간 TV  6234eadfe70231972a4c05ff91be016f7c8af1a8b080de0085de046954c9e8e7  50,000+ 
com.m.music.free  음악다운  ded860430c581628ea5ca81a2f0f0a485cf2eeb9feafe5c6859b9ecc54a964b2  500,000+ 
good.kr.com  음악다운  bede67693a6c9a51889f949a83ff601b1105c17c0ca5904906373750b3802e91  100,000+ 
new.music.com  음악다운  fee6cc8b606cf31e55d85a7f0bf7751e700156ce5f7376348e3357d3b4ec0957  1,000+ 
play.com.apps  음악다운  b2c1caab0e09b4e99d5d5fd403c506d93497ddb2de3e32931237550dbdbe7f06  100,000+ 
com.alltrot.player  트로트 노래모음  469792f4b9e4320faf0746f09ebbcd8b7cd698a04eef12112d1db03b426ff70c  50,000+ 
com.trotmusic.player  트로트 노래모음  879014bc1e71d7d14265e57c46c2b26537a81020cc105a030f281b1cc43aeb77  5,000+ 
best.kr.com  파도 MP3  f2bbe087c3b4902a199710a022adf8b57fd927acac0895ab85cfd3e61c376ea5  100,000+ 
com.pado.music.mp3  파도 MP3  9c84c91f28eadd0a93ef055809ca3bceb10a283955c9403ef1a39373139d59f2  100,000+ 

 

 


#Invisible #Adware #Unveiling #Fraud #Targeting #Android #Users

Oleh Diposting pada

Authored by SangRyol Ryu  

We live in a world where advertisements are everywhere, and it’s no surprise that users are becoming tired of them. By contrast, developers are driven by profit and seek to incorporate more advertisements into their apps. However, there exist certain apps that manage to generate profit without subjecting users to the annoyance of ads. Is this really good?  

Recently, McAfee’s Mobile Research Team discovered a concerning practice among some apps distributed through Google Play. These apps load ads while the device’s screen is off, which might initially seem convenient for users. However, it’s a clear violation of Google Play Developer policy on how ads should be displayed. This affects not only the advertisers who pay for invisible Ads, but also the users as it drains battery, consumes data and poses potential risks such as information leaks and disruption of user profiling caused by Clicker behavior. 

The team has identified 43 apps that collectively downloaded 2.5 million times. Among the targeted apps are TV/DMB Player, Music Downloader, News, and Calendar applications. McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. We reported the discovered apps to Google, which took prompt action. Most apps are no longer available on Google Play while others are updated by the developer. McAfee Mobile Security detects this threat as Android/Clicker. For more information, and to get fully protected, visit McAfee Mobile Security. 

Many affected apps

How does it work? 

This ad fraud library uses specific tactics to avoid detection and inspection. It deliberately delays the initiation of its fraudulent activities, creating a latent period from the time of installation. What’s more, all the intricate configurations of this library can be remotely modified and pushed using Firebase Storage or Messaging service. These factors significantly add to the complexity of identifying and analyzing this fraudulent behavior. Notably, the latent period typically spans several weeks, which makes it challenging to detect. 

Getting latent period by using Firebase Messaging Service 

It is important to be cautious about the implications of granting permissions, such as excluding ‘power saving’ and allowing ‘draw over other apps’. These permissions can enable certain activities to occur discreetly in the background, raising concerns about the intentions and behavior of the applications or libraries in question. Allowing these permissions can result in more malicious behavior, such as displaying phishing pages, also to displaying ads in the background. 

Asked permissions to run in the background and keep it hidden 

When the device screen is turned off after the latent period, the fetching and loading of ads starts, resulting in users being unaware of the presence of running advertisements on their devices. This ad library registers device information by accessing the unique domain (ex: mppado.oooocooo.com) linked with the application. Then go to Firebase Storage to get the specific advertisement URL and show the ads. It is important to note that this process consumes power and mobile data resources. 

Observed traffic when the screen off 

If users quickly turn on their screens at this point, they might catch a glimpse of the ad before it is automatically closed. 

Example of an advertising site displayed when the screen is off 

In conclusion, it is essential for users to exercise caution and carefully evaluate the necessity of granting permissions like power saving exclusion, or draw over other apps before allowing them. While these permissions might be required for certain legitimate functionalities for running in the background, it is important to consider the potential risks linked with them, such as enabling hidden behaviors or reducing the relevance of ads and contents displayed to users because the hidden Clicker behavior. By using McAfee Mobile Security products, users can further safeguard their devices and mitigate the risks linked with these kinds of malware, providing a safer and more secure experience. For more information, visit McAfee Mobile Security

 

Indicators of Compromise (IoC’)

Domains:

best.7080music.com 

m.gooogoole.com 

barocom.mgooogl.com 

newcom.mgooogl.com 

easydmb.mgooogl.com 

freekr.mgooogl.com 

fivedmb.mgooogl.com 

krlive.mgooogl.com 

sixdmb.mgooogl.com 

onairshop.mgooogle.com 

livedmb.mgooogle.com 

krbaro.mgooogle.com 

onairlive.mgooogle.com 

krdmb.mgooogle.com 

onairbest.ocooooo.com 

dmbtv.ocooooo.com 

ringtones.ocooooo.com 

onairmedia.ocooooo.com 

onairnine.ocooooo.com 

liveplay.oocooooo.com 

liveplus.oocooooo.com 

liveonair.oocooooo.com 

eightonair.oocooooo.com 

krmedia.oocooooo.com 

kronair.oocooooo.com 

newkrbada.ooooccoo.com 

trot.ooooccoo.com 

thememusic.ooooccoo.com 

trot.ooooccoo.com 

goodkrsea.ooooccoo.com 

krlive.ooooccoo.com 

news.ooooccoo.com 

bestpado.ooooccoo.com 

krtv.oooocooo.com 

onairbaro.oooocooo.com 

barolive.oooocooo.com 

mppado.oooocooo.com 

dmblive.oooocooo.com 

baromedia.oooocooo.com 

musicbada.oouooo.com 

barolive.oouooo.com 

sea.oouooo.com 

blackmusic.oouooo.com 

Android Packages 

Package Name  Application Name  SHA256  Google Play Downloads 
band.kr.com  DMB TV  f3e5aebdbd5cd94606211b04684730656e0eeb1d08f4457062e25e7f05d1c2d1  10,000+ 
com.dmb.media  DMB TV  6aaaa6f579f6a1904dcf38315607d6a5a2ca15cc78920743cf85cc4b0b892050  100,000+ 
dmb.onair.media  DMB TV  a98c5170da2fdee71b699ee145bfe4bdcb586b623bbb364a93bb8bdf8dbc4537  10,000+ 
easy.kr  DMB TV  5ec8244b2b1f516fd96b0574dc044dd40076ff7aa7dadb02dfefbd92fc3774bf  100,000+ 
kr.dmb.onair  DMB TV  e81c0fef52065864ee5021e1d4c7c78d6a407579e1d48fc4cf5551ff0540fdb8  5,000+ 
livedmb.kr  DMB TV  33e5606983526757fef2f6c1da26474f4f9bf34e966d3c204772de45f42a6107  50,000+ 
stream.kr.com  DMB TV  a13e26bce41f601a9fafdec8003c5fd14908856afbab63706b133318bc61b769  100+ 
com.breakingnews.player  뉴스 속보  d27b8e07b7d79086af2fa805ef8d77ee51d86a02d81f2b8236febb92cb9b242d  10,000+ 
jowonsoft.android.calendar  달력  46757b1f785f2b3cec2906a97597b7db4bfba168086b60dd6d58d5a8aef9e874  10,000+ 
com.music.free.bada  뮤직다운  a3fe9f9b531ab6fe79ed886909f9520a0d0ae98cf11a98f061dc179800aa5931  100,000+ 
com.musicdown  뮤직다운  5f8eb3f86fc608f9de495ff0e65b866a78c25a9260da04ebca461784f039ba16  5,000+ 
new.kr.com  뮤직다운  397373c39352ef63786fe70923a58d26cdf9b23fa662f3133ebcbc0c5b837b66  100,000+ 
baro.com  바로TV  3b4302d00e21cbf691ddb20b55b045712bad7fa71eb570dd8d3d41b8d16ce919  10,000+ 
baro.live.tv  바로TV  760aa1a6c0d1e8e4e2d3258e197ce704994b24e8edfd48ef7558454893796ebe  50,000+ 
baro.onair.media  바로TV  b83a346e18ca20ac5165bc1ce1c8807e89d05abc6a1df0adc3f1f0ad4bb5cd0c  10,000+ 
kr.baro.dmb  바로TV  84a4426b1f8ea2ddb66f12ef383a0762a011d98ff96c27a0122558babdaf0765  100,000+ 
kr.live  바로TV  cccfdf95f74add21da546a03c8ec06c7832ba11091c6d491b0aadaf0e2e57bcc  1,000+ 
newlive.com  바로TV  c76af429fabcfd73066302eeb9dd1235fd181583e6ee9ee9015952e20b4f65bf  50,000+ 
onair.baro.media  바로TV  6c61059da2ae3a8d130c50295370baad13866d7e5dc847f620ad171cc01a39e9  10,000+ 
freemusic.ringtone.player  벨소리 무료다운  75c74e204d5695c75209b74b10b3469babec1f7ef84c7a7facb5b5e91be0ae3e  100,000+ 
com.app.allplayer  실시간 TV  8d881890cfa071f49301cfe9add6442d633c01935811b6caced813de5c6c6534  50,000+ 
com.onair.shop  실시간 TV  1501dd8267240b0db0ba00e7bde647733230383d6b67678fc6f0c7f3962bd0d3  50,000+ 
eight.krdmb.onair  실시간 TV  bbd6ddbfee7482fe3fe8b5d96f3be85e09352711a36cd8cf88cfdeaf6ff90c79  10,000+ 
free.kr  실시간 TV  5f864aa88de07a10045849a7906f616d079eef94cd463e40036760f712361f79  10,000+ 
kr.dmb.nine  실시간 TV  ea49ad38dd7500a6ac12613afe705eb1a4bcab5bcd77ef24f2b9a480a34e4f46  100,000+ 
kr.live.com  실시간 TV  f09cff8a05a92ddf388e56ecd66644bf88d826c5b2a4419f371721429c1359a7  10,000+ 
kr.live.onair  실시간 TV  e8d2068d086d376f1b78d9e510a873ba1abd59703c2267224aa58d3fca2cacbd  100,000+ 
kr.live.tv  실시간 TV  1b64283e5d7e91cae91643a7dcdde74a188ea8bde1cf745159aac76a3417346e  50,000+ 
kr.media.onair  실시간 TV  bd0ac9b7717f710e74088df480bde629e54289a61fc23bee60fd0ea560d39952  100,000+ 
kr.onair.media  실시간 TV  d7dd4766043d4f7f640c7c3fabd08b1a7ccbb93eba88cf766a0de008a569ae4d  1,000+ 
live.kr.onair  실시간 TV  b84b22bc0146f48982105945bbab233fc21306f0f95503a1f2f578c1149d7e46  10,000+ 
live.play.com  실시간 TV  516032d21edc2ef4fef389d999df76603538d1bbd9d357a995e3ce4f274a9922  50,000+ 
new.com  실시간 TV  5d07a113ce389e430bab70a5409f5d7ca261bcdb47e4d8047ae7f3507f044b08  50,000+ 
newlive.kr  실시간 TV  afc8c1c6f74abfadd8b0490b454eebd7f68c7706a748e4f67acb127ce9772cdb  100,000+ 
onair.best  실시간 TV  6234eadfe70231972a4c05ff91be016f7c8af1a8b080de0085de046954c9e8e7  50,000+ 
com.m.music.free  음악다운  ded860430c581628ea5ca81a2f0f0a485cf2eeb9feafe5c6859b9ecc54a964b2  100,500,000+ 
good.kr.com  음악다운  bede67693a6c9a51889f949a83ff601b1105c17c0ca5904906373750b3802e91  100,000+ 
new.music.com  음악다운  fee6cc8b606cf31e55d85a7f0bf7751e700156ce5f7376348e3357d3b4ec0957  1,000+ 
play.com.apps  음악다운  b2c1caab0e09b4e99d5d5fd403c506d93497ddb2de3e32931237550dbdbe7f06  100,000+ 
com.alltrot.player  트로트 노래모음  469792f4b9e4320faf0746f09ebbcd8b7cd698a04eef12112d1db03b426ff70c  50,000+ 
com.trotmusic.player  트로트 노래모음  879014bc1e71d7d14265e57c46c2b26537a81020cc105a030f281b1cc43aeb77  5,000+ 
best.kr.com  파도 MP3  f2bbe087c3b4902a199710a022adf8b57fd927acac0895ab85cfd3e61c376ea5  100,000+ 
com.pado.music.mp3  파도 MP3  9c84c91f28eadd0a93ef055809ca3bceb10a283955c9403ef1a39373139d59f2  100,000+ 

 

 


#Invisible #Adware #Unveiling #Fraud #Targeting #Korean #Android #Users

Oleh Diposting pada

Ditulis ku SangRyol Ryu

McAfee‘S Tim Panaliti Sélular mendakan a software perpustakaan Kami gaduh ngaranna Goldoson, Anu ngumpulkeun daptar aplikasi dipasang, jeung sajarah wifi jeung BluetoothH inpormasi alatkaasup lokasi GPS pangcaketna. Leuwih ti éta, perpustakaan téh angkatan jeung Anu Utiliti pikeun ngalakukeun panipuan iklan ku ngaklik iklan di latar tukang tanpa idin pangguna. Tim peneliti mendakan langkung ti 60 aplikasi anu ngandung éta pihak katilu perpustakaan bahaya, kalawan leuwih ti 100 juta undeuran dikonfirmasi di ONE toko jeung Google Play undeuran aplikasi pasar di Koréa Kidul. Sedengkeun tAnjeunna, Anu resiko keur pamasang aplikasi tetep.

McAfee Mobile Kaamanan ngadeteksiS ancaman ieu salaku Android/emasHaiputra jeung ngajagaS konsumén ti ieu sareng seueur ancaman mobile anu sanés. McAfee nyaeta anggota ti Alliance Pertahanan Aplikasi museurkeun kana ngajagi pangguna ku cara nyegah ancaman dugi ka alatna sareng ningkatkeun kualitas aplikasi dina ekosistem.. Urang laporan kapanggih aktip ka Google, nu nyokot tindakan langsung. ceuk maranehna dibewarakeun pamekar yén aplikasina ngalanggar kawijakan Google Play sareng peryogi perbaikan ngahontal kataatan. Sababaraha aplikasi dipiceun tina Google Play sedengkeun anu sanésna diropéa ku pamekar resmi. Pamaké wanti pikeun ngapdet aplikasiS ka versi panganyarna pikeun nyabut Anu dicirikeun ancaman ti alat maranéhanana.

Top 9 aktip saméméhna kainféksi ku Goldoson on Google Play

Kumaha eta bakal mangaruhan pamaké?

QAnjeunna Goldoson perpustakaan ngadaptar alat jeung meunang konfigurasi jauh concurrently aplikasi leumpang. Perpustakaan Ngaran jeung server jauh domain rupa-rupa kalawan unggal aplikasi, jeung eta kahalangan. Ngaran emasHaiputra nyaeta sanggeus ngaran domain munggaran kapanggih.

Mutasi ngaran kelas

Konfigurasi jauh ngandung parameter pikeun tiap ti fungsi jeung anjeunna nangtukeun sabaraha sering anjeunna komponén ngajalankeun. Dumasar parameter, tanjeunna périodik pariksa perpustakaan, alat narik inpormasi, jeung ngirimS aranjeunna ka terasing serverS. Tag sapertos ‘ads_enable‘atawa’collect_activatenempokeun unggal fungsi pikeun dianggo atanapi henteu iraha Parameter séjén nangtukeun kaayaan jeung kasadiaan.

Réspon konfigurasi jauh

Réspon konfigurasi jauh

Perpustakaan kaasup Anu kamampuan beban halaman wéb tanpa pangguna kasadaran. Qfungsina Kamungkinan disalahgunakeun pikeun ngamuat iklan Pikeun ngabiayaan kauntungan. Sacara téknis, perpustakaan beban kode HTML jeung injects eta éta onka ngaropéa jeung disumputkeun WebView jeung eta ngahasilkeun disumputkeun lalulintas ku nganjang Anu URL sacara rekursif.

Kaca dimuat tanpa persépsi pamaké
Kaca dimuat tanpa persépsi pamaké

Cdata dikumpulkeun nyaeta dikirim rutin unggal dua poé tapi siklus bisa robah ku konfigurasi jauh. Émbaran ngandung sababaraha data sénsitip kaasup daptar aktip dipasangSsajarah lokasi, alamat Bluetooth MAC jeung Wifi deukeut, jeung sajabana. Ieu mungkin ngidinan individu janten dicirikeun iraha datana nyaeta digabungkeun. tabél di handap nempokeun Qanjeunna data dititénan dina alat uji urang.

Data dikumpulkeun dikirim dina format JSON
Data dikumpulkeun dikirim dina format JSON

Google Play mertimbangkeun daptar dipasang aplikasi jantendata pamaké pribadi tur sénsitip jeung kabutuhanS deklarasi idin husus pikeun meunangkeun eta. URANGserver kalawan Android 11 jeung di luhur langkung saé dijagi tina aplikasi coba pikeun ngumpulkeun sadaya aplikasi anu dipasang. Sanajan kitu, sanajan kalawan versi panganyarna tina Androidd, kami kapanggih yén ngeunaan 10% tina aplikasi kalawan Goldoson boga “QUERY_ALL_PACKAGES” idin anu ngamungkinkeun aranjeunna aksés aplikasi inpormasi.

oge, kalawan Android 6.0 atanapi langkung luhur, pamaké Kamungkinan dipénta idinS siga lokasi, Panyimpenan, atawa Kaméra dina runtime. Lamun pamaké Ku ngaktifkeun idin lokasi, aplikasi tiasa ngaksés henteu ngan ukur data GPS tapi ogé inpormasi Wi-Fi sareng alat Bluetooth caket dieu. Dumasarkeun kana BSSID (Identifier Set Layanan Dasar) sareng RSSI (Indikator Kakuatan Sinyal Ditampi), aplikasi tiasa nangtukeun lokasina ti alat leuwih akurat ti GPS, husus jero rohangan.

Runtime pamundut idin demo

Dimana aplikasi asalna?

Aplikasi anu kainféksi asalna tina rupa-rupa Androids toko aplikasi. Langkung ti 100 juta undeuran geus dilacak via Google Play. Saatos éta, HIJI tokotoko aplikasi terkemuka di Korea, nuturkeun kalawan ngeunaan 8 jutaan pamasanganS.

kacindekan

Salaku aplikasi terus skala ukuran jeung ngungkit tambahan perpustakaan éksternaléta perkara ka ngarti Anuir kabiasaan. Pangembang aplikasi kedah dibuka perpustakaanies dipaké jeung dicokot ukuran preventif pikeun ngajaga inpo pamaké. produk McAfee Mobile Kaamanan ogé bisa mantuan ngadeteksi ancamanS sareng ngajaga anjeun tina henteu ngan ukur malware tapi ogé program anu teu dihoyongkeun. Kanggo inpo nu leuwih lengkep, mangga buka kami McAfee Mobile Kaamanan.

Goldoson Diidentipikasi Aplikasi jeung Domain

Domain

  • bhuroid.com
  • enestcon.com
  • htyyed.com
  • discess. net
  • gadlito.com
  • gerfane.com
  • visceun.com
  • onanico.net
  • methinno. net
  • goldoson.net
  • dalfs.com
  • openwor.com
  • thervide.net
  • soildonutkiel. com
  • treffaas.com
  • sadnessdeepkold.com
  • hjorsjopa.com
  • dggerys.com
  • ridinra.com
  • necktro.com
  • fuerob.com
  • phyerh. net
  • ojiskorp.net
  • rouperdo. net
  • tiffyre. net
  • superdonaldkood. com
  • soridok2kpop.com

Daptar Aplikasi sareng Status Ayeuna

Ngaran pakét ngaran aplikasi Unduh GooglePlay GP
Status
com. lottemembers. android L. POINT kalawan L. BAYAR 10 Jt+ diropéa*
com Bulanan23. SwipeBrickBreaker Gesek bata breaker 10 Jt+ DIpiceun**
com. realbyteapps. moneymanagerfree Duit Manajer Expenses & Anggaran 10 Jt+ diropéa*
com.skt.tmap.ku TMAP – 대리,주차,전기차 충전,킥보 10 Jt+ diropéa*
kr.co.lottecinema.lcm 롯데시네마 10 Jt+ diropéa*
com. ktmusic. geniemusic 지니뮤직 – jin 10 Jt+ diropéa*
com. cultureland. ver2 컬쳐랜드[컬쳐캐쉬] 5 juta+ diropéa*
com. gretech. gomplayerko pamuter GO 5 juta+ diropéa*
com. megabox. pel 메가박스(kotak mega) 5 juta + DIpiceun**
kr. co. psynet Skor LIVE, Skor Real Time 5 juta + diropéa*
sixclk. anyarpiki Pikicast 5 juta + DIpiceun**
com. appsnine. kompas Kompas 9: Kompas Smart 1 juta + DIpiceun**
com. gomtv. goomaudio GOM Audio – Lirik Musik, Singkronisasi 1 juta + diropéa*
com.gretech.gomtv TV – Sadayana Ngeunaan Video 1 juta + diropéa*
com. guninnuri. guninday 전역일 계산기 디데이 곰신톡군인 1 juta + diropéa*
com. itemmania. imiapp 아이템매니아게임 아이템 거래 1 juta + DIpiceun**
com.lotteworld.android.lottemagicpass LOTTE WORLD Magic Tikét 1 juta + diropéa*
com Bulanan23. BounceBrickBreaker Bata breaker 1 juta + DIpiceun**
com Bulanan23. InfiniteSlice Potongan Unlimited 1 juta + DIpiceun**
com. pompa. noraebang 나홀로 노래방쉽게 찾아 이용하는 1 juta + diropéa*
com. somcloud. sonote SomNote – Aplikasi catetan anu saé 1 juta + DIpiceun**
com. whitecrow. metroid Inpo Subway Korea: Metroid 1 juta + diropéa*
kr. co. GoodTVBible TV alus다번역성경찬송 1 juta + DIpiceun**
kr.co.happymobile.happyscreen 해피스크린해피포인트를 모으 1 juta + diropéa*
kr. co. rinasoft. kumaha UBhind: Mobile Tracker Manajer 1 juta + DIpiceun**
mafu. nyetir. gratis 스피드 운전면허 필기시험 1 juta + DIpiceun**
com.wtwoo.girlsinger.worldcup 이상형 월드컵 500K+ diropéa*
kr.ac.fspmobile.cu CU편의점택배 500K+ DIpiceun**
com. appsnine. audiorecorder 스마트 녹음기 : 음성 녹음기 100k+ DIpiceun**
com. kaméra. catmera 캣메라 [순정 무음카메라] 100k+ DIpiceun**
com. cultureland. plus 컬쳐플러스:컬쳐랜드 혜택 더하기 100k+ diropéa*
com. dkworks. simple_air 창문닫아요(미세/초미세먼지/WHO … 100k+ DIpiceun**
com.lotteworld.ticket.seoulsky 롯데월드타워 서울스카이 100k+ diropéa*
com Bulanan23. LevelUpSnakeBall Pecinta bola oray 100k+ DIpiceun**
com. nmp. playgeto 게토(geo) – PC 게이머 필수 100k+ DIpiceun**
com.note.app.memorymemo 기억메모심플해서 좋은 메모장 100k+ DIpiceun**
com. pamuter. pb. stream 풀빵 : 광고 없는 유튜브 영상 100k+ DIpiceun**
com. realbyteapps. moneya Manajer Duit (Hapus Iklan) 100k+ diropéa*
com. wishpoke. fanciticon Insaticon – Émotikon Imut, K 100k+ DIpiceun**
marifish. sesepuh815. ecloud 클라우드런처 100k+ diropéa*
com. dtryx. bioskop 작은영화관 50k+ diropéa*
com. kcld. kantor tiket 매표소뮤지컬문화공연 예매&… 50k+ diropéa*
com.lotteworld.ticket.akuarium 롯데월드 아쿠아리움 50k+ diropéa*
com.lotteworld.ticket.waterpark 롯데 워터파크 50k+ diropéa*
com.skt.skaf.l001mtm091 Peta T pikeun KT, LGU + 50k+ DIpiceun**
org. kumaha perusahaan. nomer acak 숫자 뽑기 50k+ diropéa*
com. aog. loader 로더(Pamuat) – 효과음 다운로드 10k+ DIpiceun**
com.gomtv.gomaudio.pro GOM Audio Ditambah – Musik, Sync l 10k+ diropéa*
com. NineGames. SwipeBrickBreaker2 Gesek Brick Breaker 2 10k+ DIpiceun**
com. bewara. safehome 안심해안심귀가 프로젝트 10k+ DIpiceun**
kr. thepay. chuncheon 불러봄내춘천시민을 위한 공공 10k+ DIpiceun**
com. curation. fantaholic 판타홀릭아이돌 SNS 5K+ DIpiceun**
com. dtryx. cinecube 씨네큐브 5K+ diropéa*
com.p2e.tia.tnt TNT 5K+ DIpiceun**
com.health.bestcare 베스트케어위험한 전자기장 1K+ DIpiceun**
com. nigames. solitaire Teu aya watesna Solitaire 1K+ DIpiceun**
com. bewara. newsafe 안심해 : 안심지도 1K+ DIpiceun**
com. notii. cashnote 노티아이 Pikeun 소상공인 1K+ DIpiceun**
com. tdi. dataone Berita TDI – 최초 데이터 뉴스 1K+ DIpiceun**
com. ting. panon 눈팅여자들의 커뮤니티 500+ DIpiceun**
com. ting. tingsearch 팅서치 TingSearch 50+ DIpiceun**
com 츄스틱 : 크리샤츄 Fantastic 50+ DIpiceun**
com. pamuter. yeonhagoogokka 연하구곡 10+ DIpiceun**

* Diropéa hartosna aplikasi panganyarna dina Google Play henteu ngandung perpustakaan anu ngabahayakeun.

** Dihapus hartina aplikasi teu sadia dina Google Play dina waktu posting.


#Goldoson #Privasi #Invasif #Android #Adware #sareng #Clicker #kapanggih #dina #aplikasi #populér #Koréa #Kidul

Oleh Diposting pada

This antivirus program sends precautions to its PC, Mac or cell phone when the Wi-Fi you are using is compromised. A free antivirus program must protect your malware device without reducing the competition of the exposure of your frame, however, that can be a difficult task in the domain of free programming. The Malwarebytes Premium Security Antivirus programming is the best illustration of a program that achieves this. This application offers free expulsion of malware and spyware, however, assuming that you need continuous adware, ransomware and phishing tricks, you will have to buy the exceptional package.

Additional reward: It is also simple to introduce and use on the two PC and Mac. With the increase in cyber attacks and communication of the insecure substance in the sites, protecting their children should be at the highest point of their objectives of their objectives of Web security Present to Norton 360 Deluxe to ensure that their children are protected from cyber attacks consistently. The intelligent product firewall helps defend your children’s children’s children, such as passwords and records. Heuristic analysis: The firm’s investigation has existed for some time, and programmers have tracked ways to evade it. Therefore, antivirus programs also use a methodology called heuristic exam.

This includes looking for qualities in a record that are like (but not the same as) those of known malware. Sandbox detection: If the antivirus programming finds a doubtful aspect document that is not clearly malware in the light of the signature and heuristic exam, it could open and execute the record in a solid region called “Sandbox”. This will allow the product to decide if the document is in fact evil. Whenever this is true, it can be erased very well without damaging your PC. IA/Artificial Intelligence: Antivirus programming can use these moderately new advances to “learn” about the rest of the world and recognize malware and other new dangers.

Then maintain data on these hazards in your discovery data set. Behavior monitoring: According to Hawes, behaviors observation includes verifying the information marketed between its PCs and peripherals such as printers and hard drives. Although Mac customers should also consider obtaining an antivirus device, Windows customers specifically have the best need. North of the vast majority of the malware that exists had an explicit intention of contaminating the PC with Windows. This does not imply that Windows PCs are innately more defenseless than MAC PCs. In any case, the predominance of infections that influence Windows PC The web or use your email.

Perhaps the greatest danger to Mac customers is the lack of concern. Although most of the infections that exist were intended for Windows PCs, MAC PCs are not yet helpless to obtain infection diseases. Surprisingly, there are much less antivirus programs that exist for MAC PCs, usually as a result of the much smaller number of Mac PC and a lower number of infections that influence Mac PC. Therefore, our exam only stands out on Windows PCs . In any case, you can find a survey of the best MAC Antivirus programs here. The best antivirus for malware. Huge players in the web security field for about twenty years, Malwarebytes offers the safety of antivirus and different administrations to the two people and organizations in the same way.

In addition to the fact that it is ideal to protect your devices to be contaminated from infections at the main moment, but at the same time it is useful to eliminate infections from contaminated devices. Premium Agreement: This is $ 39.99 per year for 1 gadgets or $ 79.99 each month for five devices. It gives admission to the accompanying elements in general: – Advanced antivirus, hostile to malware and against Spyware programming. Phishing trick assurance and malignant sites on Windows devices. Ransomware insurance and zero day take advantage of Windows devices. Malware browser guard: which eliminates promotions, hinders promotion trackers, blocks the malignant pages of the site and safeguards against online tricks.

Security without registration, which means that none of its actions is recorded while using it, consequently safeguarding its protection even more. More than 400 servers in the north of 30 nations to navigate. Sure while using public areas of Wi-Fi interest. All PC customers should consider the introduction essentially a free external antivirus device. From now on, most work frames accompany a free -edged free instrument, however, you should also think about buying or downloading a different application. Our information recommends that the projects remembered for most work frameworks are not so viable.

The best absolute response to stop a malware disease is to use an antivirus program. These instruments constantly examine your PC or cell phone and Internet browser, looking for known infections and anything that is seen and behaves like an infection. At the time a thought infection is recognized, the instrument will be isolated naturally, preventing it from contaminating its device. Then, at that point, you will receive a message that gives you the option to delete the registration assuming that it is an infection or delivery assuming that it was a false positive. In the event that you are presenting an antivirus instrument on a device that is now content, you can also use the device to examine the device and eliminate any malware or previous previous disease