Static and Dynamic Analysis.
Analysis of “PDF Reader Upgrade” App
Information About App: screenshot of the app's basic information.
Certificate Info: the APK is signed with the v1 (JAR) signature scheme, which makes it vulnerable to the Janus vulnerability.
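The v1-only check described above, as an added example that is not part of the original post: it inspects the APK's zip structure for JAR (v1) certificate entries and for the APK Signing Block that v2/v3 signing adds before the central directory. The sample APKs are constructed in memory and carry no real signatures.

```python
import io
import struct
import zipfile

APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"
EOCD_SIG = b"PK\x05\x06"


def _central_dir_offset(data: bytes) -> int:
    """Return the central directory offset from the End Of Central Directory record."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("not a zip archive: EOCD record not found")
    # EOCD layout: sig(4) disk(2) cd_disk(2) n_this(2) n_total(2) cd_size(4) cd_offset(4)
    return struct.unpack_from("<I", data, eocd + 16)[0]


def signature_schemes(data: bytes) -> dict:
    """Report the APK signature schemes present. v1 (JAR signing) leaves
    META-INF/*.RSA|DSA|EC entries; v2/v3 live in an APK Signing Block that
    sits directly before the central directory and ends with a 16-byte magic.
    An APK signed with v1 only is the precondition for Janus (Android 5.0 to 8.0)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        v1 = any(n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))
                 for n in zf.namelist())
    cd_off = _central_dir_offset(data)
    v2_plus = cd_off >= 24 and data[cd_off - 16:cd_off] == APK_SIG_BLOCK_MAGIC
    return {"v1": v1, "v2_or_later": v2_plus, "janus_exposed": v1 and not v2_plus}


def make_sample_apk(with_sig_block: bool) -> bytes:
    """Constructed test APK (not a real app): a zip with a dummy v1 cert file and,
    optionally, a minimal APK Signing Block with no real signature inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("META-INF/CERT.RSA", b"dummy PKCS#7 blob")
    data = buf.getvalue()
    if not with_sig_block:
        return data
    eocd = data.rfind(EOCD_SIG)
    cd_off = struct.unpack_from("<I", data, eocd + 16)[0]
    pair = struct.pack("<QI", 8, 0x7109871A) + b"\x00" * 4  # v2 pair id, dummy value
    size = len(pair) + 8 + 16                                 # bytes after the leading size
    block = struct.pack("<Q", size) + pair + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    # Splice the block in before the central directory and bump the EOCD cd_offset
    new_eocd = data[eocd:eocd + 16] + struct.pack("<I", cd_off + len(block)) + data[eocd + 20:]
    return data[:cd_off] + block + data[cd_off:eocd] + new_eocd
```

Run `signature_schemes(open("app.apk", "rb").read())` on a real APK; `janus_exposed` is True only when v1 certificates are present and no signing block is found.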
App Permissions: in the image we can see that the app requests many dangerous permissions.
Obfuscation and Anti-VM Code:
The app logs sensitive user information, which should never be logged. It also has the ability to read from and write to external storage.
Android API used:
Running the app dynamically on an emulator (Android VM): after running for some time, the app crashes. Screenshot of the app running dynamically in the emulator.
Files Communicating with C2:
SpyNote malware has recently been active on the Google Play Store with valid signatures, which makes it harder to detect, and millions of such apps with similar configurations are available.
That’s all for today.