

Earlier this month, an unknown adversary sent a flood of SMS messages to mobile phone users in France urging the recipients to download what it claimed was the official French COVID-19 contact tracing app, TousAntiCovid.

The messages contained a link that pointed to a website designed to closely resemble the French government’s official website for the app, but instead delivered an Android APK that used the legitimate app’s name and icon, but was a variant of the Android malware family known as Cerberus. The source code for Cerberus was leaked earlier this year, and this variant appears to have been built from this leaked source code.

Social engineering aside, the app itself is a complex piece of malware with a wide range of malicious capabilities: It can read or send SMS messages and notifications; record and forward phone calls; steal credentials from banking apps, Google accounts, and multifactor authentication tokens from the Google Authenticator TOTP app; read the lock screen passcode; and log all keystrokes entered on the virtual keyboard. It also runs a foreground service that allows it to maintain persistence and even stay active when battery optimization settings are enabled on the phone.

These Cerberus samples share a common trait with many others: Their names are a seemingly unrelated trio of nouns, verbs, and adjectives:, , and were three samples we encountered.

Users who downloaded and ran the malicious TousAntiCovid app were first presented with a conventional-looking installation dialog in which the app does not request any permissions. The installation looks benign, as the installation screen says that the app “does not require any special access.” However, upon first launch, the app immediately asserts itself by opening the settings page where users can configure Accessibility features on the phone.

In this window, the app does not pop up a dialog box, but if you try to navigate away from the Accessibility settings, the window opens again. The more frequently you try to navigate away, the more aggressively the app pushes you back into this settings page. The app expects you to click the text in the window under the Services header which reads TousAntiCovid or AntiCovid. When you click through to this service page, the app requests permissions well outside of the normal scope of permissions for an app that’s ostensibly designed to perform contact tracing: it asks you to allow it to monitor all user activity and inspect the contents of the active window. If, at this point, the user attempts to click the Cancel button, the app pauses for a few seconds and then pops the same dialog up again, until the user clicks OK.

Meanwhile, if you’ve delayed enabling these services for a few minutes, the app will begin to pop up even more dialog boxes that ask permission for even more features.
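The behaviour described above (an install screen that shows no special access, followed by a forced trip to the Accessibility settings, plus SMS, call and foreground-service capabilities) is visible in the app's manifest before it is ever run. The following is an added triage example, not code from the original post or from the malware's authors: it assumes the APK's `AndroidManifest.xml` has already been decoded to plain XML (for example with apktool), and both sample manifests, including their package names and service names, are constructed for illustration rather than taken from real samples.

```python
"""Triage a decoded AndroidManifest.xml for the special-access service + SMS/call
capability combination that characterises Cerberus-style banking trojans."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree's Clark notation for android:* attributes

# Services that only become active after the user enables them in the Settings app;
# the post describes the app repeatedly forcing the victim onto that settings page.
SPECIAL_ACCESS_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification listener",
}

# Declared permissions that line up with the capabilities listed in the post.
# These are runtime/normal permissions, so the install screen does not show them.
CAPABILITY_PERMISSIONS = {
    "android.permission.READ_SMS": "read SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECORD_AUDIO": "record calls",
    "android.permission.READ_PHONE_STATE": "monitor phone calls",
    "android.permission.FOREGROUND_SERVICE": "persist via foreground service",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "survive battery optimization",
}


def triage_manifest(xml_text):
    """Summarise special-access services and risky permissions in a decoded manifest."""
    root = ET.fromstring(xml_text)
    declared = {el.get(A + "name") for el in root.iter("uses-permission")}
    capabilities = sorted(
        CAPABILITY_PERMISSIONS[p] for p in declared.intersection(CAPABILITY_PERMISSIONS)
    )
    # root.iter() is recursive, so services nested under <application> are found too.
    special = sorted(
        SPECIAL_ACCESS_BINDINGS[svc.get(A + "permission")]
        for svc in root.iter("service")
        if svc.get(A + "permission") in SPECIAL_ACCESS_BINDINGS
    )
    # A contact-tracing app needs neither an accessibility service nor SMS/call access;
    # the combination of both is the pattern worth a human look.
    suspicious = bool(special) and bool(
        declared & {"android.permission.READ_SMS",
                    "android.permission.RECEIVE_SMS",
                    "android.permission.RECORD_AUDIO"}
    )
    return {
        "package": root.get("package"),
        "special_access": special,
        "capabilities": capabilities,
        "verdict": "review" if suspicious else "low",
    }


# Constructed sample (hypothetical package and service names): a lookalike that binds an
# accessibility service and a notification listener alongside SMS and call permissions.
SUSPECT_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tracing.lookalike">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="TousAntiCovid">
    <service android:name=".CoreService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".NotifService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>
"""

# Constructed sample: what a Bluetooth-based contact-tracing app's manifest might look like.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tracing.official">
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Contact Tracing"/>
</manifest>
"""

if __name__ == "__main__":
    for manifest in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(manifest))
```

The check deliberately keys on the combination rather than on any single permission: plenty of legitimate apps bind an accessibility service, and plenty read SMS, but an app distributed as a contact tracer that needs both, and that binds a notification listener on top, is exactly the profile the post describes and deserves a manual look before it is allowed to run.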
