Analysis of “Moji Market” App
Information About App:
Obfuscation and Anti-VM Code:
App logs into the sensitive information of user which should never be logged.It also has ability to read and write into the external storage and also uses the insecure RNG [Random Number Generator ] and SSL. Moreover , it has weak hash’s and also stores the sensitive information of user in temp file and discloses the IP address of device. Clear text network traffic is enabled for the App.
Services run by App:
Running app dynamically on emulator [ android VM ] . App for sometime the App crashes.
Communicating Files with C2:-
Joker malware is pretty much active from last few months starting from beginning of this year and many apps on Google Play Store are being infected with Joker malware.
That’s all for today.