Wednesday 31 May 2017

Finding Malware Within A ROM

A few months ago I purchased a couple of Chinese phones online, which all came with malware installed :( Thankfully I was able to obtain the ROM, extract the system.img, remove all the malware, rebuild the system.img, then flash the phones.

However I noticed some suspicious activity in NoRoot Firewall last week where an app was trying to access the internet, but by the time I came to deny it, it was showing as "Uninstalled App".

Yesterday Sophos notified me that a recently downloaded file was "Low Popularity" and could potentially be a risk. This actually happened on ALL the phones, and in fact when I came to look there were several files, all with similar filenames. They started with a minus sign followed by a random number and .jar. For example -1645982102.jar

I don't suppose anyone has seen these JARs before or knows what they are?

I am going to extract the system.img again and scan everything through VirusTotal (again). However, due to the extremely large number of files I don't think it's possible to scan everything in the system.img. I intend to scan all the APKs and JARs. Is there anything else I need to consider?

My final question is, apart from the system.img could there be malware hidden elsewhere, such as boot.img, recovery.img, or the kernel?


from Android Forums at AndroidCentral.com - Ask a Question http://ift.tt/2qBKMHH
via IFTTT
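The scanning step described in the post (extract system.img, then check the APKs and JARs) can be narrowed down before anything is uploaded: walk the extracted tree, pick out the files that actually carry code, hash each one with SHA-256 so the hash can be looked up on VirusTotal instead of uploading every file, and flag names that match the "-<digits>.jar" shape the post describes. The script below is an added example written for this page, not code from the original post or from any project it mentions. Two things in it are assumptions rather than anything the post states: the list of code-bearing extensions (.apk, .jar, .dex, .odex, .oat, .so), and the magic-byte check that also catches extensionless ELF and ZIP files such as the binaries under /system/bin, which a scan by extension alone would miss. The sample tree it builds is constructed for the example and is not real firmware content.

```python
import hashlib
import os
import re
import sys
import tempfile
from pathlib import Path

# Filename shape reported in the post: a leading minus, digits, then ".jar".
SUSPICIOUS_JAR = re.compile(r"^-\d+\.jar$")

# Assumption: a sensible starting set of code-bearing extensions on Android.
CODE_EXTENSIONS = {".apk", ".jar", ".dex", ".odex", ".oat", ".so"}

# Magic bytes used to catch code files that have no telling extension.
ELF_MAGIC = b"\x7fELF"
ZIP_MAGIC = b"PK\x03\x04"


def is_suspicious_name(name: str) -> bool:
    """True for names like '-1645982102.jar' (the pattern from the post)."""
    return SUSPICIOUS_JAR.match(name) is not None


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256; large images should not be read whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def is_code_file(path: Path) -> bool:
    """Known code extensions, or extensionless files starting with ELF/ZIP magic."""
    if path.suffix.lower() in CODE_EXTENSIONS:
        return True
    try:
        with path.open("rb") as f:
            head = f.read(4)
    except OSError:
        return False
    return head.startswith(ELF_MAGIC) or head.startswith(ZIP_MAGIC)


def scan_tree(root) -> list:
    """Walk an extracted system.img and return one record per candidate file,
    sorted by path, with its SHA-256 and whether the name matches the pattern."""
    root = Path(root)
    records = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            # Skip symlinks so a link into /data or / does not get hashed twice.
            if p.is_symlink() or not p.is_file():
                continue
            if not is_code_file(p):
                continue
            records.append({
                "path": p.relative_to(root).as_posix(),
                "sha256": sha256_of(p),
                "suspicious_name": is_suspicious_name(name),
            })
    records.sort(key=lambda r: r["path"])
    return records


def build_sample_tree(base=None) -> Path:
    """Create a small CONSTRUCTED tree that mimics an extracted system.img.
    Sample bytes only; the magic prefixes make the classifier behave as it
    would on real files."""
    root = Path(base or tempfile.mkdtemp(prefix="sysimg_"))
    samples = {
        "app/Settings.apk": ZIP_MAGIC + b"constructed apk body",
        "app/Empty.apk": b"",                      # edge case: zero-length file
        "framework/-1645982102.jar": ZIP_MAGIC + b"constructed jar body",
        "lib/libc.so": ELF_MAGIC + b"constructed shared object",
        "bin/toybox": ELF_MAGIC + b"constructed extensionless binary",
        "etc/hosts": b"127.0.0.1 localhost\n",     # not code, must be skipped
        "build.prop": b"ro.build.version.release=6.0\n",
    }
    for rel, data in samples.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


if __name__ == "__main__":
    # Usage: python scan_sysimg.py /path/to/extracted/system  (default: sample tree)
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for r in scan_tree(target):
        flag = "SUSPICIOUS-NAME" if r["suspicious_name"] else ""
        print(f'{r["sha256"]}  {r["path"]}  {flag}')
```

The output is one line per candidate in the familiar "hash  path" shape, so it can be sorted, diffed against a clean ROM of the same build, or fed hash by hash to a VirusTotal lookup; a file whose hash is unknown to VirusTotal is the one worth uploading. The magic-byte check is what makes the "anything else?" question tractable: dropped payloads do not always keep a .jar or .apk extension.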
