神刀安全网

Vulnerability title: Reverse analysis of phishing SMS-interception Trojan APKs (large number of victims)

Vulnerability details

Disclosure status:

2016-04-19: Details sent to the vendor; awaiting vendor processing
2016-04-22: Vendor has confirmed; details disclosed to the vendor only
2016-05-02: Details disclosed to core white hats and experts in the relevant field
2016-05-12: Details disclosed to regular white hats
2016-05-22: Details disclosed to intern white hats
2016-06-06: Details disclosed to the public

Brief description:

Telecom fraud and phishing have been a hot topic recently, so this report is a reverse analysis of several of the APKs involved.

They fall roughly into three types: first, exfiltration to an email account, unencrypted; second, exfiltration to an email account, with the credentials encrypted; third, exfiltration to a phone number.

Detailed description:

Locate 10086 (1)/Project/smali/com/phone/stop/db/a.smali

Code:
.method public h()Ljava/lang/String;
.locals 3

iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;

const-string v1, "a60"

const-string v2, "aa13178899187@**.**.**.**"

invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

move-result-object v0

return-object v0
.end method

.method public h(Z)V
.locals 2

iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;

invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;

move-result-object v0

const-string v1, "has_send_phone_info"

invoke-interface {v0, v1, p1}, Landroid/content/SharedPreferences$Editor;->putBoolean(Ljava/lang/String;Z)Landroid/content/SharedPreferences$Editor;

invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->commit()Z

return-void
.end method

.method public i()Ljava/lang/String;
.locals 3

iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;

const-string v1, "a70"

const-string v2, "aa13178899187@**.**.**.**"

invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

move-result-object v0

return-object v0
.end method

.method public i(Z)V
.locals 2

iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;

invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;

move-result-object v0

const-string v1, "has_send_contacts"

invoke-interface {v0, v1, p1}, Landroid/content/SharedPreferences$Editor;->putBoolean(Ljava/lang/String;Z)Landroid/content/SharedPreferences$Editor;

invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->commit()Z

return-void
.end method

.method public j()Ljava/lang/String;
.locals 3

iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;

const-string v1, "a80"

const-string v2, "123456qq"

Several of the APKs keep their credentials at this same location (hardcoded as the SharedPreferences default value).

In some samples the values are encrypted:

Code:
.method public p()Ljava/lang/String;
.locals 3

iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;

const-string v1, "receive_email_account"

const-string v2, "0670c32ce2e01835626259e19b7afc5142c4667d5d21f62b"

invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;

move-result-object v0

return-object v0
.end method

.method public q()Z
.locals 3

iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;

const-string v1, "has_set_receive_email_account"

const/4 v2, 0x0

invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getBoolean(Ljava/lang/String;Z)Z

move-result v0

return v0
.end method

.method public r()Ljava/lang/String;
.locals 3

iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;

const-string v1, "send_email_pwd"

const-string v2, "079a82dbbb2bafefd0c3804faf7f793c"

Obtained the credentials and logged in.
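The pattern shown in the two smali dumps above (a `const-string` key, a `const-string` default, and an `invoke-interface` on `SharedPreferences.getString`) is easy to triage mechanically across many decompiled samples. The script below is an added example, not part of the original report or of any tool the report uses: it walks a smali class, resolves the registers passed to `getString`, and flags defaults that look like an email address or a long hex blob (the unencrypted and encrypted variants described above). The embedded smali is constructed for the example, with placeholder key names and values modelled on the report's structure rather than taken from a real sample.

```python
import re
from typing import Dict, List

# Constructed sample smali, modelled on the SharedPreferences getters in the
# report. All values below are placeholders, not indicators from any sample.
SAMPLE_SMALI = """\
.method public h()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/example/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a60"
    const-string v2, "collector@example.invalid"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method

.method public j()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/example/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a80"
    const-string v2, "placeholder-secret"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method

.method public q()Z
    .locals 3
    iget-object v0, p0, Lcom/example/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "has_set_receive_email_account"
    const/4 v2, 0x0
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getBoolean(Ljava/lang/String;Z)Z
    move-result v0
    return v0
.end method

.method public r()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/example/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "send_email_pwd"
    const-string v2, "00112233445566778899aabbccddeeff"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method
"""

CONST_STRING = re.compile(r'^\s*const-string(?:/jumbo)?\s+(v\d+|p\d+),\s*"(.*)"\s*$')
GET_STRING = re.compile(
    r'^\s*invoke-interface\s+\{([^}]*)\},\s*'
    r'Landroid/content/SharedPreferences;->getString\('
)
EMAIL = re.compile(r'^[^@\s]+@[^@\s]+\.[^@\s]+$')
HEX_BLOB = re.compile(r'^(?:[0-9a-fA-F]{2}){16,}$')        # 32+ hex chars, even length
CRED_KEY = re.compile(r'(pwd|pass|password|secret|token|account|email)', re.I)


def extract_preference_defaults(smali: str) -> List[Dict[str, str]]:
    """Return every (key, default) string pair handed to SharedPreferences.getString.

    const-string assignments are tracked per method, since smali registers are
    method-local; getBoolean/getInt calls are ignored because their defaults are
    numeric literals, not strings."""
    findings: List[Dict[str, str]] = []
    consts: Dict[str, str] = {}
    for line in smali.splitlines():
        if line.startswith('.method'):
            consts = {}                                  # new method, new register state
            continue
        m = CONST_STRING.match(line)
        if m:
            consts[m.group(1)] = m.group(2)
            continue
        m = GET_STRING.match(line)
        if m:
            regs = [r.strip() for r in m.group(1).split(',')]
            # {this, keyReg, defaultReg}: both arguments must resolve to constants
            if len(regs) == 3 and regs[1] in consts and regs[2] in consts:
                findings.append({'key': consts[regs[1]], 'default': consts[regs[2]]})
    return findings


def classify(key: str, default: str) -> str:
    """Label a default: plaintext mailbox, opaque hex (encrypted/hashed), or a
    credential-looking key whose value is neither."""
    if EMAIL.match(default):
        return 'email-address'
    if HEX_BLOB.match(default):
        return 'hex-blob'
    if CRED_KEY.search(key):
        return 'credential-like-key'
    return 'plain'


def triage(smali: str) -> List[Dict[str, str]]:
    return [{**f, 'class': classify(f['key'], f['default'])}
            for f in extract_preference_defaults(smali)]


if __name__ == '__main__':
    for finding in triage(SAMPLE_SMALI):
        print(f"{finding['class']:20} {finding['key']!r:36} {finding['default']!r}")
```

Obfuscated key names such as `a60`/`a80` carry no meaning on their own, so the classifier keys on the shape of the default value first and only then on the key name; a `plain` hit sitting next to an `email-address` hit in the same class is the combination worth a manual look.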

Proof of vulnerability:

aa13178899187@**.**.**.** 123456qq

asdoiqpjvb@**.**.**.** qwe1314poi890bn

Fix recommendation:

Based on number-location lookup and the victim population, there is a fake base station in Guangzhou.

Copyright notice: please credit the source when reposting. Author: 路人甲@乌云
