Malicious android app Static Analysis

arnold sydney
3 min read · May 5, 2020

“Sometimes one pays most for the things one gets for nothing.”― Albert Einstein

On this beautiful evening, I got a call about a mobile security incident. Details: “Friends are calling to say they have received the following message from my number soliciting funds. Funny thing, I haven’t sent out any text,” explains the victim.

Personalized text message to contacts

This is a mobile fraud incident common in Kenya (KE), and I set out to identify how it happened. Preliminary investigation of the running processes and installed applications, using tools such as the Network Connections Android app, led to the Free Facebook app as a suspect.

I set out to conduct a static analysis of the apk file:

Static Analysis tool: Mobile Security Framework MobSF v3.0.8 Beta

File Information:

Free Facebook file and app information from MobSF

The application has a Common Vulnerability Scoring System (CVSS) score of 7.5 → High Risk

The Play Store information is as misleading as expected. The application is categorized as Education and is titled DARLearning → masquerading for detection avoidance.
The description is in Spanish as well:

The application requests interesting and dangerous permissions such as sending and receiving SMS messages, reading contact data, and reading phone state and identity, meaning the malicious application can determine the serial number and phone number of the victim's phone.

Deceiving Users

How…

The strings in the app reveal how users are duped with: “To use Free Facebook please press the ACTIVATE BUTTON below and enjoy Facebook without data bundles.”

Pressing the ACTIVATE BUTTON enables the device administrator setting, which allows the app to send messages to the contacts stored on the phone. There are two hard-coded messages in the app, as revealed by the strings.

1st message solicits MPESA transfers

“msg” : “ Aki nimekwama hapa stage. Please send me hata 50 bob kwa Mpesa to 0758856495 (Ni ya mwenye MPESA hapa)Line yangu iko na Fuliza kubwa. Please nakurefund kesho.”

2nd message solicits airtime transfers

“msg” : “Please Please send me 20 bob airtime to this number 0768409499. I have okoa in my line. I’ll appreciate.I really need to contact someone so urgently. Tafadhali I will refund.”

Interesting texts, huh! At least one friend usually falls for this, sadly 😟
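The two findings above (the dangerous permission set and the device-admin trick) are exactly what a triage script can flag automatically. The following is an added example, not code from the post or from MobSF: it parses a decoded AndroidManifest.xml (as produced by apktool or MobSF, an assumption), lists the SMS-fraud-relevant permissions, looks for a device-admin receiver, and scans extracted strings for money-solicitation patterns. The manifest, the strings, the phone number and the keyword/number regexes are constructed samples and heuristics, not data from the real APK.

```python
"""Triage helpers for the SMS-fraud pattern described in the post (added example)."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ANDROID_NAME = f"{{{ANDROID_NS}}}name"
ANDROID_PERM = f"{{{ANDROID_NS}}}permission"

# Permissions the post singles out, with the capability each gives a fraud app.
SMS_FRAUD_PERMISSIONS = {
    "android.permission.SEND_SMS": "send SMS from the victim's number",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_CONTACTS": "harvest contacts to message",
    "android.permission.READ_PHONE_STATE": "read phone number / device identity",
}

# Constructed sample manifest modelled on the findings; not the real app's manifest.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.darlearning">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="DARLearning">
        <receiver android:name=".AdminReceiver"
                  android:permission="android.permission.BIND_DEVICE_ADMIN">
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed benign manifest for comparison: an education app needing only network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.lessons">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Lessons"/>
</manifest>
"""

# Constructed sample strings; the phone number is a placeholder, not a real one.
SAMPLE_STRINGS = [
    "To use Free Facebook please press the ACTIVATE BUTTON below and enjoy Facebook without data bundles.",
    "Please send me 20 bob airtime to this number 0700000000. I will refund.",
    "Lesson 3: fractions",
]

# Heuristics (assumptions): Kenyan mobile numbers start 07/01 and have 10 digits;
# solicitation texts combine a number with mobile-money / airtime vocabulary.
KE_MSISDN = re.compile(r"\b0[17]\d{8}\b")
SOLICIT_WORDS = re.compile(r"\b(mpesa|airtime|bob|send me|refund|okoa|fuliza)\b", re.I)


def dangerous_permissions(manifest_xml):
    """Return {permission: capability} for requested SMS-fraud-relevant permissions."""
    root = ET.fromstring(manifest_xml)
    return {
        e.get(ANDROID_NAME): SMS_FRAUD_PERMISSIONS[e.get(ANDROID_NAME)]
        for e in root.findall("uses-permission")
        if e.get(ANDROID_NAME) in SMS_FRAUD_PERMISSIONS
    }


def device_admin_receivers(manifest_xml):
    """Return names of receivers that register as a device administrator."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for recv in root.iter("receiver"):
        actions = {a.get(ANDROID_NAME) for a in recv.iter("action")}
        if (recv.get(ANDROID_PERM) == "android.permission.BIND_DEVICE_ADMIN"
                or "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            hits.append(recv.get(ANDROID_NAME))
    return hits


def solicitation_strings(strings):
    """Flag strings that pair a phone number with at least two solicitation keywords."""
    flagged = []
    for s in strings:
        numbers = KE_MSISDN.findall(s)
        words = {w.lower() for w in SOLICIT_WORDS.findall(s)}
        if numbers and len(words) >= 2:
            flagged.append({"text": s, "numbers": numbers, "keywords": sorted(words)})
    return flagged


def triage(manifest_xml, strings):
    """Combine the three checks into a simple score: each permission 1, device admin 2, each message 1."""
    perms = dangerous_permissions(manifest_xml)
    admins = device_admin_receivers(manifest_xml)
    msgs = solicitation_strings(strings)
    score = len(perms) + (2 if admins else 0) + len(msgs)
    verdict = "high" if score >= 4 else "medium" if score >= 2 else "low"
    return {"permissions": perms, "device_admin": admins, "messages": msgs,
            "score": score, "verdict": verdict}


if __name__ == "__main__":
    for name, report in (("sample", triage(SAMPLE_MANIFEST, SAMPLE_STRINGS)),
                         ("benign", triage(BENIGN_MANIFEST, ["Lesson 3: fractions"]))):
        print(name, report["verdict"], report["score"], report["device_admin"])
```

The point of the comparison is the one the post makes: an app categorized as Education has no business requesting SEND_SMS or registering a device-admin receiver, and a hard-coded message that pairs a phone number with mobile-money vocabulary is a strong indicator on its own.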

Conclusion

Our love of freebies has proven to be a dangerous tool, exploited by cyber criminals to advance their malicious activities. Digitization is massive in Kenya, and the huge uptake of MPESA is proof.

Subsequently, cyber-criminals have devised methods and sophisticated techniques for conducting mobile money fraud, such as the malicious mobile application broken down in this article.

Protect yourself

Avoid ads and links on your phone promising freebies: free browsing, free Facebook without bundles, free everything 😠

Parting Shot

“Sometimes one pays most for the things one gets for nothing.”
Albert Einstein
