MalBus: Popular South Korean Bus App Series in Google Play Found Dropping Malware After 5 Years of Development
McAfee’s Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series provides a range of information for each region of South Korea, such as bus stop locations and bus arrival times. There are four apps in the series: three have been available from Google Play since 2013 and the fourth since around 2017. All four apps have now been removed from Google Play, while the fake plugin itself was never uploaded to the store. While analyzing the fake plugin and looking for initial downloaders and additional payloads, we discovered one specific version of each app in the series (uploaded on the same date) that was dropping malware onto the devices on which it was installed, explaining their removal from Google Play after 5 years …
IoC