lazarusholic

MalBus Actor Changed Market from Google Play to ONE Store

2020-04-09, McAfee
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malbus-actor-changed-market-from-google-play-to-one-store/
#Mobile #MalBus

Contents

Authored by: Sang Ryol Ryu and Chanung Pak
The McAfee Mobile Research team has found another variant of MalBus in an education application developed by a South Korean developer. In the previous MalBus case, the author distributed the malware through Google Play, but new variants are distributed via the ONE Store in much the same way. ONE Store is a joint venture by the country’s three major telecom companies and is a preinstalled app on most Android phones sold in South Korea. It has 35 million users (close to 70% of South Korea’s population) and has already surpassed Apple’s app store sales from the end of 2018.
The application in question is distributed via Google Play and the ONE Store at the same time. The malicious application downloads and runs an encrypted payload with malicious functions.
McAfee Mobile Security detects this threat as Android/Malbus and alerts mobile users if it is present, while protecting …

IoC
