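Dracarys Android Spyware is a malicious app distributed through phishing sites that impersonates legitimate apps such as Signal, Telegram, WhatsApp, YouTube and other chat applications. It is distributed by the Bitter APT group, which uses techniques such as spear-phishing emails to deliver RATs and other malware families.
Source
https://blog.cyble.com/2022/08/09/bitter-apt-group-using-dracarys-android-spyware/
※ Legitimate apps are distributed only through ONE store, Google Play, or the relevant site (app).
※ Most legitimate apps do not ask ordinary users for special access or for permission to install apps from unknown sources.
APK file information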
app name : YouTube Premium
MD5 : 07532dea34c87ea2c91d2e035ed5dc87
SHA-1 : 04ec835ae9240722db8190c093a5b2a7059646b1
SHA-256 : 220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548
Vhash : c2c9ed5624cd945ee79b0802264155be
Android Manifest
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:app="http://schemas.android.com/apk/res-auto" android:versionCode="970" android:versionName="0.21.4" android:installLocation="auto" android:compileSdkVersion="30" android:compileSdkVersionCodename="11" package="org.schabi.newpipe.mask" platformBuildVersionCode="30" platformBuildVersionName="11">
<uses-sdk android:minSdkVersion="19" android:targetSdkVersion="30"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-feature android:name="android.hardware.touchscreen" android:required="false"/>
<uses-feature android:name="android.software.leanback" android:required="false"/>
<uses-permission android:name="android.permission.GET_ACCOUNTS"/>
<uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission android:name="android.permission.READ_CALL_LOG"/>
<uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.SEND_SMS"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.WRITE_SMS"/>
<uses-permission android:name="android.permission.RECORD_AUDIO"/>
<uses-permission android:name="android.permission.CAMERA"/>
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.WRITE_CONTACTS"/>
<uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
<uses-permission android:name="android.permission.GET_TASKS"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE"/>
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/>
<application android:theme="@style/OpeningTheme" android:label="YouTube Premium" android:icon="@mipmap/ic_launcher" android:name="org.schabi.newpipe.mask.App" android:allowBackup="true" android:logo="@mipmap/ic_launcher" android:banner="@mipmap/ic_launcher" android:resizeableActivity="true" android:networkSecurityConfig="@xml/network_config" android:appComponentFactory="androidx.core.app.CoreComponentFactory" android:requestLegacyExternalStorage="true">
<activity android:label="YouTube Premium" android:name="org.schabi.newpipe.mask.MainActivity" android:launchMode="singleTask">
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
<category android:name="android.intent.category.LEANBACK_LAUNCHER"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSER"/>
<data android:scheme="https" android:host="www.youtubepremiumapp.com"/>
</intent-filter>
</activity>
<receiver android:name="androidx.media.session.MediaButtonReceiver">
<intent-filter>
<action android:name="android.intent.action.MEDIA_BUTTON"/>
</intent-filter>
</receiver>
<service android:name="org.schabi.newpipe.mask.bgworker.FirebaseCommunicatorService" android:enabled="true" android:exported="true">
<intent-filter>
<action android:name="com.google.firebase.MESSAGING_EVENT"/>
</intent-filter>
</service>
<service android:name="org.schabi.newpipe.mask.player.MainPlayer" android:exported="false" android:foregroundServiceType="mediaPlayback">
<intent-filter>
<action android:name="android.intent.action.MEDIA_BUTTON"/>
</intent-filter>
</service>
<activity android:label="@string/title_activity_play_queue" android:name="org.schabi.newpipe.mask.player.PlayQueueActivity" android:launchMode="singleTask"/>
<activity android:label="@string/settings" android:name="org.schabi.newpipe.mask.settings.SettingsActivity"/>
<activity android:label="@string/title_activity_about" android:name="org.schabi.newpipe.mask.about.AboutActivity"/>
<service android:name="org.schabi.newpipe.mask.local.subscription.services.SubscriptionsImportService"/>
<service android:name="org.schabi.newpipe.mask.local.subscription.services.SubscriptionsExportService"/>
<service android:name="org.schabi.newpipe.mask.local.feed.service.FeedLoadService"/>
<activity android:theme="@android:style/Theme.NoDisplay" android:name="org.schabi.newpipe.mask.PanicResponderActivity" android:launchMode="singleInstance" android:noHistory="true">
<intent-filter>
<action android:name="info.guardianproject.panic.action.TRIGGER"/>
<category android:name="android.intent.category.DEFAULT"/>
</intent-filter>
</activity>
<activity android:theme="@android:style/Theme.NoDisplay" android:label="@string/general_error" android:name="org.schabi.newpipe.mask.ExitActivity"/>
<activity android:name="org.schabi.newpipe.mask.error.ErrorActivity"/>
<activity android:label="@string/app_name" android:name="org.schabi.newpipe.mask.download.DownloadActivity" android:launchMode="singleTask"/>
<service android:name="us.shandian.giga.service.DownloadManagerService"/>
<activity android:theme="@style/FilePickerThemeDark" android:label="@string/app_name" android:name="org.schabi.newpipe.mask.util.FilePickerActivityHelper">
<intent-filter>
<action android:name="android.intent.action.GET_CONTENT"/>
<category android:name="android.intent.category.DEFAULT"/>
</intent-filter>
</activity>
<activity android:label="@string/recaptcha" android:name="org.schabi.newpipe.mask.error.ReCaptchaActivity"/>
<provider android:name="androidx.core.content.FileProvider" android:exported="false" android:authorities="org.schabi.newpipe.mask.provider" android:grantUriPermissions="true">
<meta-data android:name="android.support.FILE_PROVIDER_PATHS" android:resource="@xml/nnf_provider_paths"/>
</provider>
<activity android:theme="@style/RouterActivityThemeDark" android:label="@string/preferred_open_action_share_menu_title" android:name="org.schabi.newpipe.mask.RouterActivity" android:taskAffinity="" android:excludeFromRecents="true">
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="youtube.com"/>
<data android:host="m.youtube.com"/>
<data android:host="www.youtube.com"/>
<data android:host="music.youtube.com"/>
<data android:pathPrefix="/v/"/>
<data android:pathPrefix="/embed/"/>
<data android:pathPrefix="/watch"/>
<data android:pathPrefix="/attribution_link"/>
<data android:pathPrefix="/channel/"/>
<data android:pathPrefix="/user/"/>
<data android:pathPrefix="/c/"/>
<data android:pathPrefix="/playlist"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="youtu.be"/>
<data android:pathPrefix="/"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="www.youtube-nocookie.com"/>
<data android:pathPrefix="/embed/"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="vnd.youtube"/>
<data android:scheme="vnd.youtube.launch"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="hooktube.com"/>
<data android:host="*.hooktube.com"/>
<data android:pathPrefix="/v/"/>
<data android:pathPrefix="/embed/"/>
<data android:pathPrefix="/watch"/>
<data android:pathPrefix="/channel/"/>
<data android:pathPrefix="/user/"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="invidio.us"/>
<data android:host="dev.invidio.us"/>
<data android:host="www.invidio.us"/>
<data android:host="redirect.invidious.io"/>
<data android:host="invidious.snopyta.org"/>
<data android:host="yewtu.be"/>
<data android:host="tube.connect.cafe"/>
<data android:host="invidious.zapashcanon.fr"/>
<data android:host="invidious.kavin.rocks"/>
<data android:host="invidious.tube"/>
<data android:host="invidious.site"/>
<data android:host="invidious.xyz"/>
<data android:host="vid.mint.lgbt"/>
<data android:host="invidiou.site"/>
<data android:host="invidious.fdn.fr"/>
<data android:host="invidious.048596.xyz"/>
<data android:host="invidious.zee.li"/>
<data android:host="vid.puffyan.us"/>
<data android:host="ytprivate.com"/>
<data android:pathPrefix="/"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="soundcloud.com"/>
<data android:host="m.soundcloud.com"/>
<data android:host="www.soundcloud.com"/>
<data android:pathPrefix="/"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.SEND"/>
<category android:name="android.intent.category.DEFAULT"/>
<data android:mimeType="text/plain"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="media.ccc.de"/>
<data android:pathPrefix="/v/"/>
<data android:pathPrefix="/c/"/>
<data android:pathPrefix="/b/"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="framatube.org"/>
<data android:host="media.assassinate-you.net"/>
<data android:host="peertube.co.uk"/>
<data android:host="peertube.cpy.re"/>
<data android:host="peertube.mastodon.host"/>
<data android:host="peertube.fr"/>
<data android:host="tilvids.com"/>
<data android:host="tube.privacytools.io"/>
<data android:host="video.ploud.fr"/>
<data android:host="video.lqdn.fr"/>
<data android:host="skeptikon.fr"/>
<data android:pathPrefix="/videos/"/>
<data android:pathPrefix="/accounts/"/>
<data android:pathPrefix="/video-channels/"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:host="*.bandcamp.com"/>
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW"/>
<action android:name="android.media.action.MEDIA_PLAY_FROM_SEARCH"/>
<action android:name="android.nfc.action.NDEF_DISCOVERED"/>
<category android:name="android.intent.category.DEFAULT"/>
<category android:name="android.intent.category.BROWSABLE"/>
<data android:scheme="http"/>
<data android:scheme="https"/>
<data android:sspPattern="bandcamp.com/?show=*"/>
</intent-filter>
</activity>
<service android:name="org.schabi.newpipe.mask.RouterActivity.FetcherService" android:exported="false"/>
<meta-data android:name="android.webkit.WebView.MetricsOptOut" android:value="true"/>
<meta-data android:name="com.samsung.android.keepalive.density" android:value="true"/>
<meta-data android:name="com.samsung.android.multidisplay.keep_process_alive" android:value="true"/>
<activity android:name="org.zcode.dracarys.activities.AccessibilityPermissionActivity"/>
<service android:name="org.zcode.dracarys.services.WynkService" android:enabled="true" android:exported="true" android:foregroundServiceType="mediaProjection|dataSync"/>
<service android:name="org.zcode.dracarys.services.SyncService" android:enabled="true" android:exported="true"/>
<receiver android:name="org.zcode.dracarys.alarms.DracarysReceiver" android:enabled="true" android:exported="true"/>
<activity android:theme="@style/Theme.AppCompat.Transparent.NoActionBar" android:name="org.zcode.dracarys.activities.XActivity" android:enabled="true" android:exported="true" android:showWhenLocked="true"/>
<service android:name="org.zcode.dracarys.services.RecordingService" android:enabled="true" android:exported="true" android:foregroundServiceType="microphone|camera"/>
<service android:name="org.zcode.dracarys.services.AlfredService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
<intent-filter>
<action android:name="android.accessibilityservice.AccessibilityService"/>
</intent-filter>
<meta-data android:name="android.accessibilityservice" android:resource="@xml/alfred_service"/>
</service>
<provider android:name="androidx.work.impl.WorkManagerInitializer" android:exported="false" android:multiprocess="true" android:authorities="org.schabi.newpipe.mask.workmanager-init" android:directBootAware="false"/>
<service android:name="androidx.work.impl.background.systemalarm.SystemAlarmService" android:enabled="@bool/enable_system_alarm_service_default" android:exported="false" android:directBootAware="false"/>
<service android:name="androidx.work.impl.background.systemjob.SystemJobService" android:permission="android.permission.BIND_JOB_SERVICE" android:enabled="@bool/enable_system_job_service_default" android:exported="true" android:directBootAware="false"/>
<service android:name="androidx.work.impl.foreground.SystemForegroundService" android:enabled="@bool/enable_system_foreground_service_default" android:exported="false" android:directBootAware="false"/>
<receiver android:name="androidx.work.impl.utils.ForceStopRunnable.BroadcastReceiver" android:enabled="true" android:exported="false" android:directBootAware="false"/>
<receiver android:name="androidx.work.impl.background.systemalarm.ConstraintProxy.BatteryChargingProxy" android:enabled="false" android:exported="false" android:directBootAware="false">
<intent-filter>
<action android:name="android.intent.action.ACTION_POWER_CONNECTED"/>
<action android:name="android.intent.action.ACTION_POWER_DISCONNECTED"/>
</intent-filter>
</receiver>
<receiver android:name="androidx.work.impl.background.systemalarm.ConstraintProxy.BatteryNotLowProxy" android:enabled="false" android:exported="false" android:directBootAware="false">
<intent-filter>
<action android:name="android.intent.action.BATTERY_OKAY"/>
<action android:name="android.intent.action.BATTERY_LOW"/>
</intent-filter>
</receiver>
<receiver android:name="androidx.work.impl.background.systemalarm.ConstraintProxy.StorageNotLowProxy" android:enabled="false" android:exported="false" android:directBootAware="false">
<intent-filter>
<action android:name="android.intent.action.DEVICE_STORAGE_LOW"/>
<action android:name="android.intent.action.DEVICE_STORAGE_OK"/>
</intent-filter>
</receiver>
<receiver android:name="androidx.work.impl.background.systemalarm.ConstraintProxy.NetworkStateProxy" android:enabled="false" android:exported="false" android:directBootAware="false">
<intent-filter>
<action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
</intent-filter>
</receiver>
<receiver android:name="androidx.work.impl.background.systemalarm.RescheduleReceiver" android:enabled="false" android:exported="false" android:directBootAware="false">
<intent-filter>
<action android:name="android.intent.action.BOOT_COMPLETED"/>
<action android:name="android.intent.action.TIME_SET"/>
<action android:name="android.intent.action.TIMEZONE_CHANGED"/>
</intent-filter>
</receiver>
<receiver android:name="androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver" android:enabled="@bool/enable_system_alarm_service_default" android:exported="false" android:directBootAware="false">
<intent-filter>
<action android:name="androidx.work.impl.background.systemalarm.UpdateProxies"/>
</intent-filter>
</receiver>
<receiver android:name="androidx.work.impl.diagnostics.DiagnosticsReceiver" android:permission="android.permission.DUMP" android:enabled="true" android:exported="true" android:directBootAware="false">
<intent-filter>
<action android:name="androidx.work.diagnostics.REQUEST_DIAGNOSTICS"/>
</intent-filter>
</receiver>
<receiver android:name="com.google.android.gms.measurement.AppMeasurementReceiver" android:enabled="true" android:exported="false"/>
<service android:name="com.google.android.gms.measurement.AppMeasurementService" android:enabled="true" android:exported="false"/>
<service android:name="com.google.android.gms.measurement.AppMeasurementJobService" android:permission="android.permission.BIND_JOB_SERVICE" android:enabled="true" android:exported="false"/>
<receiver android:name="com.google.firebase.iid.FirebaseInstanceIdReceiver" android:permission="com.google.android.c2dm.permission.SEND" android:exported="true">
<intent-filter>
<action android:name="com.google.android.c2dm.intent.RECEIVE"/>
</intent-filter>
</receiver>
<service android:name="com.google.firebase.messaging.FirebaseMessagingService" android:exported="false" android:directBootAware="true">
<intent-filter android:priority="-500">
<action android:name="com.google.firebase.MESSAGING_EVENT"/>
</intent-filter>
</service>
<service android:name="com.google.firebase.components.ComponentDiscoveryService" android:exported="false" android:directBootAware="true">
<meta-data android:name="com.google.firebase.components:com.google.firebase.messaging.FirebaseMessagingRegistrar" android:value="com.google.firebase.components.ComponentRegistrar"/>
<meta-data android:name="com.google.firebase.components:com.google.firebase.iid.Registrar" android:value="com.google.firebase.components.ComponentRegistrar"/>
<meta-data android:name="com.google.firebase.components:com.google.firebase.analytics.connector.internal.AnalyticsConnectorRegistrar" android:value="com.google.firebase.components.ComponentRegistrar"/>
<meta-data android:name="com.google.firebase.components:com.google.firebase.installations.FirebaseInstallationsRegistrar" android:value="com.google.firebase.components.ComponentRegistrar"/>
<meta-data android:name="com.google.firebase.components:com.google.firebase.datatransport.TransportRegistrar" android:value="com.google.firebase.components.ComponentRegistrar"/>
<meta-data android:name="com.google.firebase.components:com.google.firebase.dynamicloading.DynamicLoadingRegistrar" android:value="com.google.firebase.components.ComponentRegistrar"/>
</service>
<provider android:name="com.google.firebase.provider.FirebaseInitProvider" android:exported="false" android:authorities="org.schabi.newpipe.mask.firebaseinitprovider" android:initOrder="100" android:directBootAware="true"/>
<meta-data android:name="com.google.android.gms.version" android:value="@integer/google_play_services_version"/>
<service android:name="androidx.room.MultiInstanceInvalidationService" android:exported="false" android:directBootAware="true"/>
<service android:name="org.acra.sender.LegacySenderService" android:enabled="@bool/acra_enable_legacy_service" android:exported="false" android:process=":acra"/>
<service android:name="org.acra.sender.JobSenderService" android:permission="android.permission.BIND_JOB_SERVICE" android:enabled="@bool/acra_enable_job_service" android:exported="false" android:process=":acra"/>
<provider android:name="org.acra.attachment.AcraContentProvider" android:exported="false" android:process=":acra" android:authorities="org.schabi.newpipe.mask.acra" android:grantUriPermissions="true"/>
<provider android:name="leakcanary.internal.AppWatcherInstaller.MainProcess" android:enabled="@bool/leak_canary_watcher_auto_install" android:exported="false" android:authorities="org.schabi.newpipe.mask.leakcanary-installer"/>
<provider android:name="leakcanary.internal.PlumberInstaller" android:enabled="@bool/leak_canary_plumber_auto_install" android:exported="false" android:authorities="org.schabi.newpipe.mask.plumber-installer"/>
<service android:name="com.google.android.datatransport.runtime.backends.TransportBackendDiscovery" android:exported="false">
<meta-data android:name="backend:com.google.android.datatransport.cct.CctBackendFactory" android:value="cct"/>
</service>
<service android:name="com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService" android:permission="android.permission.BIND_JOB_SERVICE" android:exported="false"/>
<receiver android:name="com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver" android:exported="false"/>
<meta-data android:name="com.android.dynamic.apk.fused.modules" android:value="base"/>
<meta-data android:name="com.android.stamp.source" android:value="https://play.google.com/store"/>
<meta-data android:name="com.android.stamp.type" android:value="STAMP_TYPE_STANDALONE_APK"/>
<meta-data android:name="com.android.vending.splits" android:resource="@xml/splits0"/>
</application>
</manifest>
13 activities, 23 services, 13 receivers, 6 providers
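A static triage of a decoded manifest like the one above, as an added example (not code from the original post or from the cited Cyble report): it flags components declared outside the app's own package, exported components with no permission guard, the accessibility service binding, and foreground services that capture screen, microphone or camera. The embedded sample is a constructed excerpt of the manifest above; the function name `triage` and the library-prefix allowlist are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

A = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
# Permissions from the manifest above that expose personal data or sensors.
SENSITIVE = {"READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CALL_LOG", "READ_CONTACTS",
             "RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION", "QUERY_ALL_PACKAGES"}
CAPTURE_TYPES = {"mediaProjection", "microphone", "camera"}
# Assumption: namespaces of bundled third-party libraries, treated as expected.
LIBRARY_PREFIXES = ("androidx.", "com.google.", "org.acra.", "leakcanary.", "us.shandian.")

# Constructed sample: a shortened excerpt of the manifest shown above.
SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="org.schabi.newpipe.mask">
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.RECORD_AUDIO"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.CAMERA"/>
<application android:label="YouTube Premium">
<activity android:name="org.schabi.newpipe.mask.MainActivity" android:launchMode="singleTask"/>
<service android:name="org.schabi.newpipe.mask.bgworker.FirebaseCommunicatorService" android:enabled="true" android:exported="true"/>
<service android:name="org.schabi.newpipe.mask.player.MainPlayer" android:exported="false" android:foregroundServiceType="mediaPlayback"/>
<service android:name="org.zcode.dracarys.services.WynkService" android:enabled="true" android:exported="true" android:foregroundServiceType="mediaProjection|dataSync"/>
<receiver android:name="org.zcode.dracarys.alarms.DracarysReceiver" android:enabled="true" android:exported="true"/>
<service android:name="org.zcode.dracarys.services.RecordingService" android:enabled="true" android:exported="true" android:foregroundServiceType="microphone|camera"/>
<service android:name="org.zcode.dracarys.services.AlfredService" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
<service android:name="androidx.work.impl.background.systemjob.SystemJobService" android:permission="android.permission.BIND_JOB_SERVICE" android:exported="true"/>
</application>
</manifest>
"""


def triage(manifest_xml):
    """Return triage findings for a decoded (plain-text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    report = {"package": package, "counts": Counter(), "sensitive_permissions": [],
              "foreign": [], "exported_unprotected": [], "accessibility": [], "capture": []}

    for perm in root.iter("uses-permission"):
        short = perm.get(A + "name", "").rsplit(".", 1)[-1]
        if short in SENSITIVE:
            report["sensitive_permissions"].append(short)

    for comp in root.iter():
        if comp.tag not in COMPONENT_TAGS:
            continue
        name = comp.get(A + "name", "")
        if name.startswith("."):          # relative name: belongs to the declared package
            name = package + name
        report["counts"][comp.tag] += 1
        # Code grafted onto a repackaged app tends to live in its own namespace.
        if not name.startswith(package + ".") and not name.startswith(LIBRARY_PREFIXES):
            report["foreign"].append(name)
        # Exported and unguarded: any other app on the device can start or message it.
        if comp.get(A + "exported") == "true" and comp.get(A + "permission") is None:
            report["exported_unprotected"].append(name)
        if comp.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            report["accessibility"].append(name)
        fg_types = set(comp.get(A + "foregroundServiceType", "").split("|"))
        if fg_types & CAPTURE_TYPES:
            report["capture"].append(name)
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
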
Android Permission
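Code analysis
- Remote control
- Contact information
- Call log
- Installed app list collection
- SMS collection
- Device file collection
- Personally identifiable information registration
- Audio recording and screenshots
1. Accessibility service
Permission to run the app in the background, screen on, device administrator
2. Remote command execution
Connects to the Firebase server, receives commands, and carries out data collection
3. Contact collection and exfiltration
Collects the contact information stored on the device and exfiltrates it.
4. Call log collection
4. Installed app list collection
5. Installed app list collection
6. Collection of files on the device
7. Personally identifiable information (PII) data update
Registers the DracarysReceiver broadcast in order to collect personally identifiable information (PII) data
8. Audio recording and screenshot functions
Takes screenshots of the device screen and records audio, then exfiltrates them to the C&C server
9. C&C server and exfiltration addresses
The C&C server address and the URL paths used when data is exfiltrated
Perhaps because the C&C server has been shut down, only the TCP communication could be confirmed; data exfiltration could not be confirmed
Removal method
Settings - Applications - tap the malicious app - Uninstall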
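KISA's 10 smartphone safety rules
① Do not download suspicious applications
② Do not visit untrusted sites
③ Delete messages and emails whose sender is unclear or suspicious
④ Use the password lock feature and change the password regularly
⑤ Turn on Bluetooth and other wireless interfaces only while using them
⑥ If abnormal symptoms persist, check for a malware infection
⑦ Scan downloaded files for viruses before using them
⑧ Install an antivirus program on your PC as well and scan for viruses regularly
⑨ Do not arbitrarily modify the structure of the smartphone platform
⑩ Always keep the operating system and antivirus program updated to the latest version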