![]() ![]() The created shortcut also has a surprise of its own. It also replaces all class/method/field name with meaningless strings thus making analysis difficult. As mentioned, these messages are sent without user consent and may cost users to pay extra for something they didn’t authorize.Īccording to Mobile security engineer Bob Pan, ANDROIDOS_FAKEINST.A has the ability to obfuscate its codes via inserting junk codes and encrypting the strings and decrypting it upon execution. Once installed, it creates a shortcut on the device’s homepage and sends SMS messages to specific numbers. APK file detected as ANDROIDOS_FAKEINST.A. Instead of the actual Bad Piggies app, users instead download a malicious. ![]() The said site offers the said app on different platforms. ![]() Among these sites is, which appears as an app download page. Slicing Through Malicious Bad Piggies Versionĭuring our research, we used the keyword "Bad Piggies" and encountered 48 Russian domains. Based on our analysis, these apps are verified as malicious, specifically premium service abusers, which send SMS messages without user consent and leaves users with unnecessary charges. However, these versions are not affiliated at all with the game. On the heels of Bad Piggies' launch last month, we saw rogue versions of the game on specific web pages hosted on Russian domains. Right after reports of malicious Bad Piggies on Google Chrome Web Store circulated, we found that certain developers also released their own, albeit rogue versions of the said gaming app. It's a pig-eat-pig world out there - at least on the mobile app threat front. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |