code

Friday, February 15, 2019

TheNiceDropper






Recent Android Malwares successfully upload their APKs to Google Play by hiding their malicious code in separate .dex libs, dynamically loading them at a specific time, and thus bypassing the app store tests.

I've created a POC of doing just that, but instead of loading code from local assets (as I've seen in some malwares), I first downloaded it from a server (making it harder to detect) and only then side-loaded it to the app's code. This can be changed to be run after a specific time or activity with a switch, so the malicious code won't run on Google Play's tests.

From the creators of TheNiceRansomware, I give you:

TheNiceDropper 😅  -  https://github.com/dor-alt/The-Nice-Dropper




- No comments:
Subscribe to: Posts (Atom)

Mastering Problem-Solving and Cultivating a Research Mindset in the ChatGPT Era (and why you still need to RTFM)

  In this post I'll present a technical problem (some will say it's probably a bug more than it is a feature) I had with a VR app, h...