
Google scolded for depriving the poor of privacy as Chinese malware bundled on phones for hard-up Americans

Anonymous Coward

For those of you that want to play along at home....

For those of you that have a subscription to VirusTotal's malware database, I have uploaded several of the apps and modules that were installed on the phones without the users' knowledge.

Some interesting facts:

The Gallery app has encrypted modules hidden in the Assets folder as fake True Type fonts ("samsun.ttf" and "small.ttf")

The com.tesla.eo.xsdfa.apk hides its icon from the user's screen to avoid deletion by novice users and is designed to look like the "Clean Master" found on the Google Play Store and actually shares some of Clean Master's SDKs.

This app also has several encrypted libs and modules in the Assets folder.

All the apps use the factory installed Calendar app to avoid detection by waiting to decrypt any modules until after the user has had the phone for a while.

Some of the apps didn't appear until after 4 weeks of use.

The apps also look to see if the phone has been rooted by checking for common rooting signatures such as: ("com.koushikdutta.superuser", "com.thirdparty.superuser", "com.yellowes.su", "com.topjohnwu.magisk") and also executing the "su" command in the background.

The apps also detect if they are on an emulator by checking how many processor cores are in use by running "cat /proc/cpuinfo", but this is hidden from the system by using base64 encoding.
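
A static triage sketch for two of the tricks described in the comment above, added here as an example (it is not the commenter's code or tooling): it flags asset entries named like fonts that lack a font header, and finds the listed strings in plain or base64 form at any byte alignment. The archive built by `build_sample` and everything in it is constructed.

```python
import base64, io, zipfile

# sfnt container magics: TrueType, OpenType/CFF, Apple TrueType, collection
FONT_MAGIC = (b"\x00\x01\x00\x00", b"OTTO", b"true", b"ttcf")
# Strings the comment says the apps probe for
INDICATORS = (b"cat /proc/cpuinfo", b"com.koushikdutta.superuser",
              b"com.thirdparty.superuser", b"com.yellowes.su",
              b"com.topjohnwu.magisk")

def b64_variants(needle):
    """Base64 substrings that must appear when `needle` is encoded, one per
    possible byte alignment (0, 1, 2) inside the encoded plaintext."""
    out = []
    for pad in range(3):
        enc = base64.b64encode(b"\x00" * pad + needle)
        start = (0, 2, 3)[pad]                     # chars mixed with preceding bytes
        drop = (0, 3, 2)[(len(needle) + pad) % 3]  # chars mixed with following bytes
        out.append(enc[start:len(enc) - drop])
    return out

def fake_fonts(apk):
    """Asset entries named like fonts whose header is not a font container."""
    return sorted(
        n for n in apk.namelist()
        if n.startswith("assets/") and n.lower().endswith((".ttf", ".otf"))
        and not apk.read(n).startswith(FONT_MAGIC))

def hidden_strings(apk):
    """(entry, indicator) pairs present in plain or base64-encoded form."""
    hits = set()
    for name in apk.namelist():
        data = apk.read(name)
        for ind in INDICATORS:
            if ind in data or any(v in data for v in b64_variants(ind)):
                hits.add((name, ind.decode()))
    return sorted(hits)

def build_sample():
    """Constructed stand-in for an APK (a zip archive), not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/real.ttf", b"\x00\x01\x00\x00" + b"\x00" * 32)
        z.writestr("assets/small.ttf", bytes(range(7, 200)))  # no font header
        # Indicator sits at offset 7, so it is not aligned to a base64 group
        z.writestr("classes.dex", b"dex\n035\x00"
                   + base64.b64encode(b"sh -c 'cat /proc/cpuinfo'")
                   + b"\x00com.topjohnwu.magisk\x00")
    return zipfile.ZipFile(io.BytesIO(buf.getvalue()))

if __name__ == "__main__":
    print(fake_fonts(build_sample()), hidden_strings(build_sample()))
```

A hit from `fake_fonts` only says the file is not a font; deciding whether it is an encrypted module still needs manual analysis.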
