
Godless Malware: Working principle behind the malicious coding process revealed

The working process of the Godless malware, revealed by decompiling its code. According to Trend Micro, one of the apps carrying Godless is Summer Flashlight.
So I decompiled the dex file of the Summer Flashlight APK into Java files. The app is packed with the mobo SDK, which carries the exploit used to root the device and perform the install. The app's goal is carried out through four pieces of code:
1. FastInstallService.java: sets up the service on the device that performs the root install.
2. PMservice.java: installs the package.
3. ScreenChargeReceiver.java: notifies the root-install service when the screen is turned off, so the install runs while the user is not looking at the device.
4. C0925A.java: reports the root status (success or failure) back to the service.
After rooting, the service silently installs packages that cannot be removed without system privileges.
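As an added example (not code from the original post, and not from the malware or the mobo SDK), here is a small static-triage script in Python that a reviewer can run over the Java files produced by decompiling a suspect APK. It greps for the same building blocks described in the four items above: a screen-off receiver, a background service, `su` execution, a read-write remount of /system and a `pm install` call, and then reports whether the whole trigger -> root -> install chain is present somewhere in the app. The file names, class names and Java snippets in `SAMPLE_SOURCES` are constructed for the demonstration; they are not the decompiled Summer Flashlight code.

```python
import os
import re
from typing import Dict, List

# Generic Android / root-install idioms to look for in decompiled sources.
# These are ordinary API and shell strings, not signatures lifted from Godless.
INDICATORS = {
    "screen_off_trigger": re.compile(r"ACTION_SCREEN_OFF|android\.intent\.action\.SCREEN_OFF"),
    "background_service": re.compile(r"startService\(|IntentService"),
    "su_exec": re.compile(r'"(?:/system/(?:x?bin)/)?su"'),
    "system_remount_rw": re.compile(r"mount\s+-o\s+(?:rw,)?remount|remount,rw"),
    "pm_install": re.compile(r"\bpm\s+install\b|installPackage\("),
    "system_app_write": re.compile(r"/system/(?:priv-)?app/"),
}

# The minimal chain that turns a harmless-looking app into a silent root installer.
CHAIN = ("screen_off_trigger", "su_exec", "pm_install")


def scan_source(text: str) -> List[str]:
    """Return the sorted indicator names present in one decompiled file."""
    return sorted(name for name, pat in INDICATORS.items() if pat.search(text))


def triage(sources: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each file path to the indicators it contains; clean files are omitted."""
    findings = {}
    for path, text in sources.items():
        hits = scan_source(text)
        if hits:
            findings[path] = hits
    return findings


def root_install_chain_present(findings: Dict[str, List[str]]) -> bool:
    """True when every step of CHAIN appears somewhere in the app.

    The steps are usually spread over several classes (receiver, service,
    helper), so the check is over the union of all files' indicators."""
    seen = {name for hits in findings.values() for name in hits}
    return all(step in seen for step in CHAIN)


def scan_directory(root: str) -> Dict[str, List[str]]:
    """Load every .java file under a decompiler output directory and triage it."""
    sources = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".java"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    sources[path] = fh.read()
    return triage(sources)


# Constructed sample "decompiled" sources (hypothetical names and bodies).
SAMPLE_SOURCES = {
    "com/example/ScreenReceiver.java": '''
public class ScreenReceiver extends BroadcastReceiver {
    public void onReceive(Context ctx, Intent intent) {
        if (Intent.ACTION_SCREEN_OFF.equals(intent.getAction())) {
            ctx.startService(new Intent(ctx, InstallService.class));
        }
    }
}
''',
    "com/example/InstallService.java": '''
public class InstallService extends IntentService {
    protected void onHandleIntent(Intent i) {
        Process p = Runtime.getRuntime().exec("su");
        DataOutputStream os = new DataOutputStream(p.getOutputStream());
        os.writeBytes("mount -o remount,rw /system\\n");
        os.writeBytes("pm install -r /sdcard/payload.apk\\n");
    }
}
''',
    "com/example/MainActivity.java": '''
public class MainActivity extends Activity {
    protected void onCreate(Bundle b) { super.onCreate(b); setContentView(R.layout.main); }
}
''',
}


if __name__ == "__main__":
    result = triage(SAMPLE_SOURCES)
    for path, hits in result.items():
        print(f"{path}: {', '.join(hits)}")
    print("root-install chain present:", root_install_chain_present(result))
```

On a real decompile, call `scan_directory("/path/to/decompiled")`. Treat string matching of this kind as a first pass only: obfuscators routinely split, encode or encrypt exactly the strings it looks for, so a clean report is not proof of a clean app, and a hit still needs to be confirmed by reading the surrounding code.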
