code

Friday, February 15, 2019

TheNiceDropper






Recent Android Malwares successfully upload their APKs to Google Play by hiding their malicious code in separate .dex libs, dynamically loading them at a specific time, and thus bypassing the app store tests.

I've created a POC of doing just that, but instead of loading code from local assets (as I've seen in some malwares), I first downloaded it from a server (making it harder to detect) and only then side-loaded it to the app's code. This can be changed to be run after a specific time or activity with a switch, so the malicious code won't run on Google Play's tests.

From the creators of TheNiceRansomware, I give you:

TheNiceDropper 😅  -  https://github.com/dor-alt/The-Nice-Dropper




- No comments:
Subscribe to: Posts (Atom)

Black Mirror Season 7 - "Plaything" Easter eggs, where it fits in Tuckersoft and TCKR systems universe and Bandersnatch connection

    AI is going to end the world as we know it, but not in the way you think. In the past few days, I had the chance to play a new game ...