꿈을꾸는 파랑새

코로나 19 상황으로 사람들이 고통을 받고 있습니다. 해당 악성코드는 정부 지원금을 주겠다고 하고 있으며 보이스피싱 악성코드인 kakaobank.apk(2022.2.14)에 대해 알아보겠습니다. 일단 해당 악성코드는 http://tokenpocketo(.)com/ 으로 유포가 되고 있으며 http://tokenpocketo(.)com/kakaobank(.)apk 으로 해서 악성코드가 다운로드 되어서 사용자가 다운로드 해서 설치를 하고 실행을 하면 실행이 됩니다. 웹 소스를 보면 다음과 같이 돼 있는 것을 확인할 수가 있습니다.

카카오톡 보이스피싱 사이트
카카오톡 보이스피싱 사이트

<body>
    <div style="height:90%;"><img src="./img/kakao_img1.png" style="width:100%;height: 100%"></div>
    <div class="download">
        <a href="./kakaobank(.)apk">
            <img src="./img/kakao_img2.png" style="width:100%;">
        </a>
    </div>
</body>

그리고 악성코드 해시값은 다음과 같습니다.
파일명:kakaobank.apk
사이즈:17.0 MB
CRC32:eb85d089
MD5:7d3890f4a96d4c6937a5d0e6c3993009
SHA-1:88274f68ed36c69b20fedf30f64b8b3b14edeafa
SHA-256:a503c7436fdb1ba581b30eb22e20fb759cb2c6874266430f6dab017a437a2d81

보이스피싱 앱에 포함된 고객센터 녹음 파일
보이스피싱 앱에 포함된 고객센터 녹음 파일

입니다. 그리고 악성코드는 정상적인 은행 고객센터로 위장하기 위해서 녹음이 된 고객센터 안내멘트가 들어가 져 있는 것을 확인할 수가 있으면 해당 내용을 들어보면 음질이 떨어지는 것을 확인할 수가 있어서 쉽게 해당 가짜 고객센터인 것을 눈치를 챌 수가 있을 것입니다.

카카오뱅크 악성코드 실행
카카오뱅크 악성코드 실행

해당 악성코드 안드로이드 권한은 다음과 같습니다.

악성코드 권한
악성코드 권한

<uses-permission android:name="android.permission.GET_TASKS"/>
<uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
<uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
<uses-permission android:name="android.permission.VIBRATE"/>
<uses-permission android:name="android.permission.WRITE_SYNC_SETTINGS"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.READ_CALL_LOG"/>
<uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.REORDER_TASKS"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS"/>
<uses-permission android:name="android.permission.GET_ACCOUNTS"/>
<uses-permission android:name="android.permission.CALL_PHONE"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<uses-permission android:name="android.permission.SET_ALARM"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
<uses-permission android:name="android.permission.CAMERA"/>
<uses-permission android:name="android.permission.RECORD_AUDIO"/>
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
<uses-permission android:name="android.permission.BLUETOOTH"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.ANSWER_PHONE_CALLS"/>
<uses-permission android:name="android.permission.PROCESS_INCOMING_CALLS"/>
<uses-permission android:name="android.permission.WRITE_SMS"/>
<uses-permission android:name="android.permission.REQUEST_DELETE_PACKAGES"/>
<uses-permission android:name="android.permission.MODIFY_PHONE_STATE"/>

악성코드 권한을 보면 사실상 안드로이드 권한은 다 넘어가는 것을 볼 수가 있습니다.

보이스피싱 정부지원자금 신청
보이스피싱 정부지원자금 신청


그리고 IMEI 권한은 다음과 같습니다.

악성코드 IMEI 정보 획득
악성코드 IMEI 정보 획득

String str2 = null;
        if (!c2.m1650h(c != 0 ? C0072d.m7367a(i, "jwZ`nzz~") : null)) {
            C1782e c3 = C1782e.m1655c(context);
            if (Integer.parseInt(str) == 0) {
                i5 = 223;
            }
            return c3.m1653e(C0072d.m7367a(i5, ";%7+ !\u001a(2%+/9"));
        }
        String deviceId = ((TelephonyManager) context.getSystemService(C0072d.m7367a(3, "sljhb"))).getDeviceId();
        if (deviceId == null) {
            deviceId = m1483d();
        }
        if (deviceId.isEmpty()) {
            deviceId = ((TelephonyManager) context.getSystemService(C0072d.m7367a(31, "ohnlf"))).getSimSerialNumber();
        }
        if (deviceId.isEmpty()) {
            deviceId = C1873l.m1454p();
        }
        C1782e c4 = C1782e.m1655c(context);
        if (Integer.parseInt(str) != 0) {
            str = str;
            i6 = 1;
            i2 = 4;
        } else {
            i2 = 14;
            str = "1";
        }
        if (i2 != 0) {
            str2 = C0072d.m7367a(i6, "jwZ`nzz~");
            i3 = 0;
        } else {
            i3 = i2 + 9;
        }
        if (Integer.parseInt(str) != 0) {
            i4 = i3 + 8;
        } else {
            c4.m1648j(str2);
            c4 = C1782e.m1655c(context);
            i4 = i3 + 13;
        }
        if (i4 != 0) {
            i5 = 4;
        }
        c4.m1647k(C0072d.m7367a(i5, "``pnklUey`ljb"), deviceId);
        return deviceId;
    }

과 그리고 전화번호 관련 접근 코드입니다.

/* renamed from: f */
    public static String m1481f(Context context) {
        String line1Number = ((TelephonyManager) (Integer.parseInt("0") != 0 ? null : context.getSystemService(C0072d.m7367a(67, "3,*(\"")))).getLine1Number();
        return TextUtils.isEmpty(line1Number) ? C0072d.m7367a(4, "Qkmig~d") : (line1Number.length() <= 1 || line1Number.charAt(0) != '+') ? line1Number : line1Number.substring(1);
    }

    /* renamed from: g */
    public static boolean m1480g(Context context) {
        int i;
        char c;
        String str = "0";
        if (Build.VERSION.SDK_INT >= 21) {
            return ((TelecomManager) context.getSystemService(C0072d.m7367a(149, "as{}zuv"))).isInCall();
        }
        TelephonyManager telephonyManager = (TelephonyManager) context.getSystemService(C0072d.m7367a(-102, "jsss{"));
        try {
            if (Integer.parseInt(str) != 0) {
                c = 6;
                str = str;
                i = 1;
            } else {
                str = "42";
                c = 11;
                i = 160;
            }
            Method method = null;
            String a = c != 0 ? C0072d.m7367a(i, "gdvJP`jbxaeeu") : null;
            if (Integer.parseInt(str) == 0) {
                method = TelephonyManager.class.getDeclaredMethod(a, null);
            }
            method.setAccessible(true);
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

악성코드 카메라 권한 접근
악성코드 카메라 권한 접근

그리고 카메라 관한 코드는 다음과 같습니다.

@Override // io.agora.rtc.video.VideoCapture
    public int setExposure(float f, float f2, boolean z) {
        int i;
        String str;
        StringBuilder sb;
        int i2;
        int i3;
        String str2;
        int i4;
        String str3;
        int i5;
        int i6;
        int i7;
        String str4;
        int i8;
        int i9;
        int i10;
        int i11;
        String str5;
        int i12;
        int i13;
        StringBuilder sb2;
        int i14;
        char c;
        String str6;
        int i15;
        String str7 = "0";
        char c2 = 7;
        str7 = "37";
        String str8 = "\f\u0011\u001c\u0017\u0001\u0015d";
        if (Integer.parseInt(str7) != 0) {
            str = str7;
            i = 7;
        } else {
            str8 = C0070b.m7368a(str8, 111);
            str = str7;
            i = 9;
        }
        String str9 = null;
        int i16 = 0;
        if (i != 0) {
            sb = new StringBuilder();
            str = str7;
            i2 = 0;
        } else {
            i2 = i + 10;
            sb = null;
        }
        if (Integer.parseInt(str) != 0) {
            i5 = i2 + 12;
            str3 = null;
            str2 = str;
            i4 = 0;
            i3 = 0;
        } else {
            i4 = -7;
            i5 = i2 + 9;
            str3 = "paqC\u007fxfy~~h.lq}~vp5uvu|hz<|nv1!z#9%";
            str2 = str7;
            i3 = -10;
        }
        if (i5 != 0) {
            str3 = C0070b.m7368a(str3, i4 - i3);
            str2 = str7;
            i6 = 0;
        } else {
            i6 = i5 + 11;
        }
        if (Integer.parseInt(str2) != 0) {
            i7 = i6 + 4;
        } else {
            sb.append(str3);
            sb.append(f);
            i7 = i6 + 11;
            str2 = str7;
        }
        if (i7 != 0) {
            i10 = 65;
            str4 = ",t.20";
            str2 = str7;
            i9 = 0;
            i8 = 107;
        } else {
            i9 = i7 + 11;
            i10 = 0;
            i8 = 0;
            str4 = null;
        }
        int i17 = 13;
        if (Integer.parseInt(str2) != 0) {
            i11 = i9 + 9;
        } else {
            str4 = C0070b.m7368a(str4, i10 + i8);
            i11 = i9 + 13;
        }
        if (i11 != 0) {
            sb.append(str4);
            sb.append(f2);
        }
        Logging.m85d(str8, sb.toString());
        if (this.mCamera == null) {
            return -1;
        }
        if (f < 0.0f || f > 1.0f || f2 < 0.0f || f2 > 1.0f) {
            String str10 = "EFELXJ=";
            if (Integer.parseInt(str7) != 0) {
                str7 = str7;
            } else {
                str10 = C0070b.m7368a(str10, 6);
                c2 = '\n';
            }
            if (c2 != 0) {
                i16 = -64;
                str9 = "xiy.jha}`ags7mwh~}nqqacnf$lhw}}y";
            }
            if (Integer.parseInt(str7) == 0) {
                str9 = C0070b.m7368a(str9, i16 - 53);
            }
            Logging.m83e(str10, str9);
            return -1;
        }
        Rect calculateTapArea = Integer.parseInt(str7) != 0 ? null : calculateTapArea(f, f2, 1.5f);
        if (this.mCamera != null) {
            Camera.Parameters cameraParameters = getCameraParameters();
            if (cameraParameters == null) {
                return -1;
            }
            int i18 = 57;
            if (cameraParameters.getMaxNumMeteringAreas() > 0) {
                ArrayList arrayList = new ArrayList();
                if (Integer.parseInt(str7) != 0) {
                    arrayList = null;
                } else {
                    arrayList.add(new Camera.Area(calculateTapArea, 800));
                }
                cameraParameters.setMeteringAreas(arrayList);
            } else {
                String str11 = "\b\r\u0000\u000b\u001d\u0011`";
                if (Integer.parseInt(str7) != 0) {
                    c = 6;
                } else {
                    str11 = C0070b.m7368a(str11, 1995);
                    c = 14;
                }
                if (c != 0) {
                    i15 = 55;
                    str6 = "r%5'1-+!g);/*?m  $q!&$%9%,<>";
                } else {
                    str6 = null;
                    i15 = 0;
                }
                Logging.m80i(str11, C0070b.m7368a(str6, i15 * 57));
            }
            try {
                this.mCamera.setParameters(cameraParameters);
                this.mCamera.startPreview();
            } catch (Exception e) {
                String str12 = "\u001cALGQE4";
                if (Integer.parseInt(str7) != 0) {
                    i12 = 1;
                    str5 = str7;
                } else {
                    i12 = 1023;
                    str5 = str7;
                    i17 = 6;
                }
                if (i17 != 0) {
                    str12 = C0070b.m7368a(str12, i12);
                    sb2 = new StringBuilder();
                    str5 = str7;
                    i13 = 0;
                } else {
                    i13 = i17 + 12;
                    sb2 = null;
                }
                if (Integer.parseInt(str5) != 0) {
                    i14 = i13 + 7;
                    str7 = str5;
                    i18 = 0;
                } else {
                    i16 = 33;
                    i14 = i13 + 11;
                    str9 = "*?/\u0019%.0340&d#'.$,.gl";
                }
                if (i14 != 0) {
                    str9 = C0070b.m7368a(str9, i16 * i18);
                }
                if (Integer.parseInt(str7) == 0) {
                    sb2.append(str9);
                    sb2.append(e);
                }
                Logging.m83e(str12, sb2.toString());
                return -1;
            }
        }
        long j = this.mNativeVideoCaptureDeviceAndroid;
        if (j != 0) {
            NotifyCameraExposureAreaChanged(f, f2, 0.0f, 0.0f, j);
        }
        return 0;
    }

    @Override // io.agora.rtc.video.VideoCapture
    public int setFocus(float f, float f2, boolean z) {
        char c;
        int i;
        String str;
        char c2;
        String str2;
        char c3;
        int i2;
        final String str3;
        int i3;
        int i4;
        StringBuilder sb;
        int i5;
        String str4;
        int i6;
        String str5;
        int i7;
        String str6;
        char c4;
        String str7;
        int i8;
        int i9;
        int i10;
        int i11;
        StringBuilder sb2;
        int i12;
        int i13;
        int i14;
        String str8;
        String str9 = "TYT_I],";
        String str10 = "0";
        if (Integer.parseInt(str10) != 0) {
            c = '\t';
        } else {
            str9 = C0070b.m7368a(str9, 23);
            str10 = "5";
            c = 14;
        }
        if (c != 0) {
            str = "w`rAgj\u007fx,noc|tv3wt{rjx:zlt/";
            str10 = "0";
            i = 628;
        } else {
            str = null;
            i = 256;
        }
        if (Integer.parseInt(str10) == 0) {
            str = C0070b.m7368a(str, i / Constants.ERR_WATERMARK_READ);
        }
        Logging.m85d(str9, str);
        if (this.mCamera == null) {
            return -1;
        }
        int i15 = 27;
        char c5 = 7;
        int i16 = 0;
        if (f < 0.0f || f > 1.0f || f2 < 0.0f || f2 > 1.0f) {
            String str11 = "\u0002\u0003\u000e\u0001\u0017\u0007v";
            String str12 = "0";
            if (Integer.parseInt(str12) != 0) {
                c2 = 14;
            } else {
                str11 = C0070b.m7368a(str11, -31);
                str12 = "5";
                c2 = 7;
            }
            if (c2 != 0) {
                str2 = "2'7d#)$=:j>\"?+.#><2693w17*.(.";
                i16 = -36;
                str12 = "0";
            } else {
                str2 = null;
            }
            if (Integer.parseInt(str12) == 0) {
                str2 = C0070b.m7368a(str2, i16 - 27);
            }
            Logging.m83e(str11, str2);
            return -1;
        }
        Rect calculateTapArea = Integer.parseInt("0") != 0 ? null : calculateTapArea(f, f2, 1.0f);
        Rect calculateTapArea2 = calculateTapArea(f, f2, 1.5f);
        char c6 = 2;
        int i17 = 1;
        try {
            this.mCamera.cancelAutoFocus();
        } catch (RuntimeException e) {
            String str13 = "\u000f\f\u0003\n\u0002\u0010c";
            String str14 = "0";
            if (Integer.parseInt(str14) != 0) {
                i9 = 12;
                i10 = 1;
            } else {
                str14 = "5";
                i10 = -52;
                i9 = 2;
            }
            if (i9 != 0) {
                str13 = C0070b.m7368a(str13, i10);
                sb2 = new StringBuilder();
                str14 = "0";
                i11 = 0;
            } else {
                i11 = i9 + 14;
                sb2 = null;
            }
            if (Integer.parseInt(str14) != 0) {
                i13 = i11 + 9;
                str8 = null;
                i14 = 0;
                i12 = 0;
            } else {
                str8 = "\u0006 +/!!f3'i)*\".\"*p\u0010'';\u001394-*";
                i14 = 46;
                i12 = -18;
                i13 = i11 + 7;
            }
            if (i13 != 0) {
                str8 = C0070b.m7368a(str8, i14 - i12);
            }
            sb2.append(str8);
            sb2.append(e);
            Logging.m78w(str13, sb2.toString());
        }
        Camera.Parameters cameraParameters = getCameraParameters();
        if (cameraParameters == null) {
            return -1;
        }
        if (cameraParameters.getMaxNumFocusAreas() > 0) {
            ArrayList arrayList = new ArrayList();
            if (Integer.parseInt("0") != 0) {
                arrayList = null;
            } else {
                arrayList.add(new Camera.Area(calculateTapArea, 800));
            }
            cameraParameters.setFocusAreas(arrayList);
        } else {
            String str15 = "EFELXJ=";
            if (Integer.parseInt("0") != 0) {
                c4 = '\n';
            } else {
                str15 = C0070b.m7368a(str15, 6);
                c4 = TokenParser.f5641CR;
            }
            if (c4 != 0) {
                str7 = "cid}z*j~ho|0\u007f}g4fcghvhoyy";
                i8 = 529;
            } else {
                i8 = 256;
                str7 = null;
            }
            Logging.m80i(str15, C0070b.m7368a(str7, i8 / 100));
        }
        if (cameraParameters.getMaxNumMeteringAreas() > 0) {
            ArrayList arrayList2 = new ArrayList();
            if (Integer.parseInt("0") != 0) {
                arrayList2 = null;
            } else {
                arrayList2.add(new Camera.Area(calculateTapArea2, 800));
            }
            cameraParameters.setMeteringAreas(arrayList2);
        } else {
            String str16 = "_\\SZ\u0012\u0000s";
            if (Integer.parseInt("0") != 0) {
                c5 = '\b';
            } else {
                str16 = C0070b.m7368a(str16, 60);
            }
            if (c5 != 0) {
                str6 = "fiyk}y\u007fu3ugsvk9tth=mj01-10 \"";
                i7 = 15;
            } else {
                str6 = null;
                i7 = 0;
            }
            Logging.m80i(str16, C0070b.m7368a(str6, i7 * 37));
        }
        String focusMode = cameraParameters.getFocusMode();
        if (Integer.parseInt("0") != 0) {
            str3 = null;
            i2 = 0;
            c3 = 14;
        } else {
            focusMode = "*)*8$";
            i2 = 31;
            c3 = 6;
            str3 = focusMode;
        }
        if (c3 != 0) {
            focusMode = C0070b.m7368a(focusMode, i2 * 57);
        }
        if (isSupported(focusMode, cameraParameters.getSupportedFocusModes())) {
            cameraParameters.setFocusMode(C0070b.m7368a("|spfz", 817));
            synchronized (this.mObjectLock) {
                this.mCamera.setParameters(cameraParameters);
            }
        } else {
            String str17 = "dlgpu";
            if (Integer.parseInt("0") != 0) {
                i6 = 1;
                c6 = 6;
            } else {
                i6 = 162;
            }
            if (c6 != 0) {
                str17 = C0070b.m7368a(str17, i6);
                str5 = "\u001b\u0011\u001c\u0015\u0012\u001d\u000e\u000b\u0001\u0003\u0018\u0005\b\t\u0019\u0003m'<p?='t&#'(6(/99";
            } else {
                str5 = null;
            }
            Logging.m80i(str17, C0070b.m7368a(str5, -35));
        }
        try {
            this.mCamera.autoFocus(new Camera.AutoFocusCallback() { // from class: io.agora.rtc.video.VideoCaptureCamera.3
                @Override // android.hardware.Camera.AutoFocusCallback
                public void onAutoFocus(boolean z2, Camera camera) {
                    if (VideoCaptureCamera.this.mCamera != null) {
                        Camera.Parameters parameters = camera.getParameters();
                        if (Integer.parseInt("0") != 0) {
                            parameters = null;
                        } else {
                            parameters.setFocusMode(str3);
                        }
                        synchronized (VideoCaptureCamera.this.mObjectLock) {
                            camera.setParameters(parameters);
                        }
                    }
                }
            });
            long j = this.mNativeVideoCaptureDeviceAndroid;
            if (j != 0) {
                NotifyCameraFocusAreaChanged(f, f2, 0.0f, 0.0f, j);
            }
            return 0;
        } catch (Exception e2) {
            String str18 = "FGJM[K:";
            String str19 = "0";
            if (Integer.parseInt(str19) != 0) {
                i3 = 14;
            } else {
                str19 = "5";
                i17 = 5;
                i3 = 10;
            }
            if (i3 != 0) {
                str18 = C0070b.m7368a(str18, i17);
                sb = new StringBuilder();
                str19 = "0";
                i4 = 0;
            } else {
                i4 = i3 + 11;
                sb = null;
            }
            if (Integer.parseInt(str19) != 0) {
                i5 = i4 + 6;
                i15 = 0;
                str4 = null;
            } else {
                str4 = "nGdkbzh$jyyaI\u007frg`4Pnt}inrss$?";
                i5 = i4 + 5;
                str19 = "5";
                i16 = 57;
            }
            if (i5 != 0) {
                str4 = C0070b.m7368a(str4, i15 * i16);
                str19 = "0";
            }
            if (Integer.parseInt(str19) == 0) {
                sb.append(str4);
                sb.append(e2);
            }
            Logging.m78w(str18, sb.toString());
            return -1;
        }
    }

    @Override // io.agora.rtc.video.VideoCapture
    public int setTorchMode(boolean z) {
        Camera.Parameters cameraParameters;
        int i;
        String str;
        if (this.mCamera == null || (cameraParameters = getCameraParameters()) == null) {
            return -2;
        }
        List<String> supportedFlashModes = cameraParameters.getSupportedFlashModes();
        if (supportedFlashModes == null || !supportedFlashModes.contains(C0070b.m7368a("#7+93", 2135))) {
            return -1;
        }
        if (z) {
            i = 49;
            str = "e}aw}";
        } else {
            i = 1209;
            str = "v|}";
        }
        cameraParameters.setFlashMode(C0070b.m7368a(str, i));
        this.mCamera.setParameters(cameraParameters);
        return 0;
    }

    @Override // io.agora.rtc.video.VideoCapture
    public int setZoom(float f) {
        char c;
        String str;
        String str2;
        int i;
        StringBuilder sb;
        int i2;
        String str3;
        String str4;
        int i3;
        int i4;
        int i5;
        String str5;
        int i6;
        if (f < 0.0f) {
            return -1;
        }
        float f2 = 100.0f;
        String str6 = "0";
        if (Integer.parseInt(str6) != 0) {
            c = 4;
        } else {
            f *= 100.0f;
            f2 = 0.5f;
            c = 2;
        }
        int i7 = 1;
        int i8 = c != 0 ? (int) (f + f2) : 1;
        List<Integer> zoomRatios = getZoomRatios();
        if (zoomRatios == null) {
            return -1;
        }
        int i9 = 0;
        while (true) {
            if (i9 >= zoomRatios.size()) {
                i9 = 0;
                break;
            } else if (i8 <= zoomRatios.get(i9).intValue()) {
                break;
            } else {
                i9++;
            }
        }
        if (this.mCamera != null) {
            Camera.Parameters cameraParameters = getCameraParameters();
            if (isZoomSupported(cameraParameters)) {
                int i10 = 5;
                String str7 = null;
                if (i9 > cameraParameters.getMaxZoom()) {
                    String a = Integer.parseInt(str6) != 0 ? null : C0072d.m7367a(5, "FGJM[K:");
                    if (Integer.parseInt(str6) == 0) {
                        i7 = 225;
                        str7 = ";-,)e0&$</k%>n#1#56&u\"?97z6=%\u00040ol\"ueisb";
                    }
                    Logging.m78w(a, C0072d.m7367a(i7, str7));
                    return -1;
                }
                cameraParameters.setZoom(i9);
                try {
                    this.mCamera.setParameters(cameraParameters);
                } catch (Exception e) {
                    str6 = "19";
                    if (Integer.parseInt(str6) != 0) {
                        str = str6;
                        str2 = null;
                        i = 1;
                    } else {
                        i = 561;
                        str2 = "RS^QGW&";
                        str = str6;
                        i10 = 7;
                    }
                    if (i10 != 0) {
                        str3 = C0072d.m7367a(i, str2);
                        sb = new StringBuilder();
                        str = str6;
                        i2 = 0;
                    } else {
                        i2 = i10 + 4;
                        str3 = null;
                        sb = null;
                    }
                    if (Integer.parseInt(str) != 0) {
                        i4 = i2 + 9;
                        str4 = str;
                        i3 = 1;
                    } else {
                        i3 = 144;
                        i4 = i2 + 14;
                        str4 = str6;
                    }
                    if (i4 != 0) {
                        str5 = C0072d.m7367a(i3, "ctfCugwz}m\u007fio=x~imgg(%|hgdFnzhb50");
                        str4 = str6;
                        i5 = 0;
                    } else {
                        i5 = i4 + 7;
                        str5 = null;
                    }
                    if (Integer.parseInt(str4) != 0) {
                        i6 = i5 + 4;
                        str6 = str4;
                    } else {
                        sb.append(str5);
                        sb.append(i9);
                        i6 = i5 + 4;
                    }
                    if (i6 != 0) {
                        i7 = 1071;
                    }
                    if (Integer.parseInt(str6) == 0) {
                        str7 = C0072d.m7367a(i7, "#0");
                    }
                    sb.append(str7);
                    sb.append(e);
                    Logging.m78w(str3, sb.toString());
                }
            }
        }
        return 0;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.agora.rtc.video.VideoCapture
    public int startCapture(int i, int i2, int i3) {
        String str;
        boolean z;
        VideoCaptureCamera videoCaptureCamera;
        int i4;
        String str2;
        int i5;
        String str3;
        String str4;
        int i6;
        int i7 = 14;
        int i8 = -1;
        int i9 = 0;
        String str5 = "32";
        str5 = "0";
        String str6 = null;
        if (this.mCamera == null) {
            if (Integer.parseInt(str5) != 0) {
                i7 = 7;
                str5 = str5;
                str4 = null;
            } else {
                str4 = C0072d.m7367a(2907, "\u0018\u001d\u0010\u001b\r\u0001p");
            }
            if (i7 != 0) {
                i9 = 88;
                i6 = 34;
            } else {
                i6 = 0;
            }
            if (Integer.parseInt(str5) == 0) {
                str6 = C0072d.m7367a(i9 + i6, ")/=/*\u001caqvvv`<'khgn~l.fc1|fxy76");
            }
            Logging.m83e(str4, str6);
            return -1;
        }
        SurfaceHolder GetLocalRenderer = ViERenderer.GetLocalRenderer();
        this.mLocalPreview = GetLocalRenderer;
        char c = 15;
        char c2 = 6;
        int i10 = 1;
        if (GetLocalRenderer != null) {
            if (GetLocalRenderer.getSurface() != null && this.mLocalPreview.getSurface().isValid()) {
                surfaceCreated(this.mLocalPreview);
            }
            this.mLocalPreview.addCallback(this);
        } else {
            this.mCaptureLock.lock();
            try {
                SurfaceTexture surfaceTexture = new SurfaceTexture(42);
                this.mDummySurfaceTexture = surfaceTexture;
                this.mCamera.setPreviewTexture(surfaceTexture);
                this.mCaptureLock.unlock();
            } catch (Exception unused) {
                if (Integer.parseInt(str5) != 0) {
                    str2 = null;
                    i5 = 1;
                } else {
                    i5 = 795;
                    str2 = "X]P[MA0";
                }
                String a = C0072d.m7367a(i5, str2);
                if (Integer.parseInt(str5) != 0) {
                    str3 = null;
                } else {
                    i10 = 4;
                    str3 = "bdokmm*\u007fc-}{qcfCfp`~}n6;ush~lhf#wptaijo_iuzzbt3";
                    c = 6;
                }
                if (c != 0) {
                    Logging.m83e(a, C0072d.m7367a(i10, str3));
                }
                this.mDummySurfaceTexture = null;
                return -1;
            } finally {
            }
        }
        ReentrantLock reentrantLock = this.mCaptureLock;
        if (Integer.parseInt(str5) != 0) {
            str = str5;
            videoCaptureCamera = null;
            z = false;
        } else {
            reentrantLock.lock();
            c2 = '\b';
            z = true;
            videoCaptureCamera = this;
            str = str5;
        }
        if (c2 != 0) {
            videoCaptureCamera.isCaptureStarted = z;
            videoCaptureCamera = this;
            i4 = i;
            str = str5;
        } else {
            i4 = 1;
        }
        if (Integer.parseInt(str) == 0) {
            videoCaptureCamera.mCaptureWidth = i4;
            videoCaptureCamera = this;
            i4 = i2;
        }
        videoCaptureCamera.mCaptureHeight = i4;
        this.mCaptureFps = i3;
        try {
            i8 = tryStartCapture(i, i2, i3);
        } finally {
            try {
                return i8;
            } finally {
            }
        }
        return i8;
    }

    @Override // io.agora.rtc.video.VideoCapture
    public int stopCapture() {
        String str;
        int i;
        String str2;
        String str3;
        VideoCaptureCamera videoCaptureCamera;
        int i2;
        int i3;
        Camera camera;
        int i4;
        ReentrantLock reentrantLock;
        Camera camera2;
        String str4;
        int i5;
        int i6;
        String str5;
        char c;
        String str6;
        int i7;
        int i8;
        String str7;
        String str8 = "6";
        int i9 = 0;
        str8 = "0";
        String str9 = null;
        if (!this.isCaptureStarted) {
            String a = Integer.parseInt(str8) != 0 ? null : C0072d.m7367a(170, "IJAH\\N!");
            if (Integer.parseInt(str8) == 0) {
                str9 = C0072d.m7367a(47, "n|cwrpl6dlvj;\u007f|nk53'");
            }
            Logging.m78w(a, str9);
            return 0;
        }
        char c2 = 7;
        char c3 = '\b';
        int i10 = 1;
        try {
            if (this.isFaceDetectionStarted) {
                Camera camera3 = this.mCamera;
                if (Integer.parseInt(str8) == 0) {
                    camera3.stopFaceDetection();
                    camera3 = this.mCamera;
                }
                camera3.setFaceDetectionListener(null);
                this.isFaceDetectionStarted = false;
            }
        } catch (RuntimeException e) {
            if (Integer.parseInt(str8) != 0) {
                str6 = null;
                i7 = 1;
                c = '\b';
            } else {
                i7 = 44;
                str6 = "OLCJBP#";
                c = 7;
            }
            if (c != 0) {
                str7 = C0072d.m7367a(i7, str6);
                i8 = -63;
            } else {
                str7 = null;
                i8 = 0;
            }
            Logging.m82e(str7, C0072d.m7367a(i8 - 60, "Cgndln+xb.|d~b3rtur8}\u007foy~jvoo"), e);
        }
        try {
            this.mCamera.cancelAutoFocus();
        } catch (RuntimeException e2) {
            if (Integer.parseInt(str8) != 0) {
                str4 = null;
                i5 = 1;
            } else {
                str4 = "\u001e\u001f\u0012ESC2";
                c3 = 11;
                i5 = 125;
            }
            if (c3 != 0) {
                str5 = C0072d.m7367a(i5, str4);
                i6 = 926;
            } else {
                i6 = 256;
                str5 = null;
            }
            Logging.m82e(str5, C0072d.m7367a(i6 / 141, "@faeoo,ya/sp|pxp6Vmmu]s~kl"), e2);
        }
        try {
            ReentrantLock reentrantLock2 = this.mPreviewBufferLock;
            if (Integer.parseInt(str8) != 0) {
                i2 = 15;
                str3 = str8;
                videoCaptureCamera = null;
            } else {
                reentrantLock2.lock();
                videoCaptureCamera = this;
                str3 = str8;
                i2 = 5;
            }
            if (i2 != 0) {
                videoCaptureCamera.isCaptureRunning = false;
                camera = this.mCamera;
                str3 = str8;
                i3 = 0;
            } else {
                i3 = i2 + 5;
                camera = null;
            }
            if (Integer.parseInt(str3) != 0) {
                i4 = i3 + 4;
                reentrantLock = null;
            } else {
                camera.stopPreview();
                reentrantLock = this.mPreviewBufferLock;
                i4 = i3 + 11;
            }
            if (i4 != 0) {
                reentrantLock.unlock();
                camera2 = this.mCamera;
            } else {
                camera2 = null;
            }
            camera2.setErrorCallback(null);
            this.mCamera.setPreviewCallbackWithBuffer(null);
            this.isCaptureStarted = false;
            return 0;
        } catch (RuntimeException e3) {
            if (Integer.parseInt(str8) != 0) {
                str8 = str8;
                str = null;
                i = 1;
            } else {
                str = "YZQXL^1";
                c2 = 2;
                i = 26;
            }
            if (c2 != 0) {
                str2 = C0072d.m7367a(i, str);
                i9 = -9;
            } else {
                str2 = null;
            }
            if (Integer.parseInt(str8) == 0) {
                i10 = i9 + 26;
                str9 = "Wszxpr7lv:hhrn?c`ofvd";
            }
            Logging.m82e(str2, C0072d.m7367a(i10, str9), e3);
            return -1;
        }
    }

    @Override // android.view.SurfaceHolder.Callback
    public void surfaceChanged(SurfaceHolder surfaceHolder, int i, int i2, int i3) {
    }

    @Override // android.view.SurfaceHolder.Callback
    public void surfaceCreated(SurfaceHolder surfaceHolder) {
        String str;
        int i;
        char c;
        String a;
        char c2;
        String str2 = "0";
        this.mCaptureLock.lock();
        String str3 = null;
        int i2 = 1;
        try {
            Camera camera = this.mCamera;
            if (camera != null) {
                camera.stopPreview();
                this.mCamera.setPreviewDisplay(surfaceHolder);
            }
        } catch (IOException e) {
            e = e;
            str = "PUXSEY(";
            if (Integer.parseInt(str2) != 0) {
                c = 5;
                str2 = str2;
                i = 1;
            } else {
                str2 = "22";
                c = 15;
                i = 819;
            }
            if (c != 0) {
                str = C0070b.m7368a(str, i);
                str3 = "Iqx~vp5bx8j\u007fo<mlz6('4d635.().m";
            }
            if (Integer.parseInt(str2) == 0) {
                i2 = 1071;
            }
            a = C0070b.m7368a(str3, i2);
            Logging.m82e(str, a, e);
            this.mCaptureLock.unlock();
        } catch (RuntimeException e2) {
            e = e2;
            str = "TYT_I],";
            if (Integer.parseInt(str2) != 0) {
                c2 = '\f';
            } else {
                i2 = 23;
                c2 = '\t';
            }
            if (c2 != 0) {
                str = C0070b.m7368a(str, i2);
                str3 = "Cgndln+xb.|d~b3dgsaq|m:";
            }
            a = C0070b.m7368a(str3, 805);
            Logging.m82e(str, a, e);
            this.mCaptureLock.unlock();
        }
        this.mCaptureLock.unlock();
    }

    @Override // android.view.SurfaceHolder.Callback
    public void surfaceDestroyed(SurfaceHolder surfaceHolder) {
        String str;
        int i;
        char c;
        int i2;
        this.mCaptureLock.lock();
        String str2 = null;
        try {
            Camera camera = this.mCamera;
            if (camera != null) {
                camera.setPreviewDisplay(null);
            }
        } catch (IOException e) {
            if (Integer.parseInt("0") != 0) {
                c = '\f';
                i = 1;
                str = null;
            } else {
                i = 104;
                c = 4;
                str = "\u000b\b\u0007\u000e\u001e\f\u007f";
            }
            if (c != 0) {
                str2 = C0072d.m7367a(i, str);
                i2 = 21;
            } else {
                i2 = 0;
            }
            Logging.m82e(str2, C0072d.m7367a(i2 * 31, "Mmdbjt1f|4vzryk:knxhvev\"pqw`fkl+"), e);
        }
        this.mCaptureLock.unlock();
    }
     }

그리고 악성코드 인증서 정보는 다음과 같습니다.

악성코드 인증서 정보
악성코드 인증서 정보

서명자 CERT.RSA (META-INF/CERT.SF)
유형: X.509
버전: 3
시리얼 번호: 0x5890cd53
소유자: CN=a, OU=a, O=a, L=a, ST=a, C=a
유효 시작 시각: Mon Sep 27 22:07:22 GMT+09:00 2021
유효 종료 시각: Fri Feb 12 22:07:22 GMT+09:00 2049
공개키 타입: RSA
지수: 65537
모듈러스 크기 (비트): 2048
모듈러스: 18383097477113640884268914725840847559153157638591137348240142569785845449422886882089036502404289310459499996820122310934068421273503170316775659224304223549365567370282340297760817930130043976479736192108812164757844623656625308263442014385868171567853397978400028719407502626856685272155427693729852330519104229703685684049989225412331111365431236199252699409831382976003082625083164631704079817043530986663424658795750719211683855869111108001841976973984341440002230575612939087434758699716405589532220030733419316175061452978561429998418593795702804485378343309529707354937038279697611199486704549571609148669663
서명 유형: SHA256withRSA
서명 OID: 1.2.840.113549.1.1.11
MD5 지문: BE A3 9D 67 AA F2 29 3F 0A 82 24 C3 F9 1B 8D D6 
SHA-1 지문: FB B3 7A B8 E0 B6 07 E1 2D CE 90 C8 0F 39 A2 CD E2 BC 28 97 
SHA-256 지문: 53 2E AE 62 98 F8 E6 7F 78 18 5F EB D2 7C 14 55 8E 3C 7A A7 A4 EF 6A 64 97 CC EC E1 03 D8 78 9B

2022-04-14 16:15:38 UTC 기준으로 탐지 하고 있는 보안 업체들은 다음과 같습니다.
AhnLab-V3"Trojan/Android.Kaishi.1051078
Alibaba:TrojanSpy:Android/Fakecalls.1684bc23
Antiy-AVL:Trojan/Generic.ASMalwAD.16
Avast-Mobile:Android:Evo-gen [Trj]
Avira (no cloud):ANDROID/Agent.FKCF.Gen
BitDefenderFalx:Android.Trojan.FakeApp.MO
CAT-QuickHeal:Android.Fakenocam.GEN44211
Cynet:Malicious (score: 99)
DrWeb:Android.BankBot.850.origin
ESET-NOD32:A Variant Of Android/Spy.Agent.BRW
Fortinet:Android/Agent.BRW!tr.spy
Ikarus:Trojan.AndroidOS.Agent
K7GW:Trojan ( 005882ce1 )
Kaspersky:HEUR:Trojan-Spy.AndroidOS.Fakenocam.g
Lionic:SUSPICIOUS
MAX:Malware (ai Score=99)
McAfee:Artemis!5F1143288AFF
McAfee-GW-Edition:Artemis!Trojan
Microsoft"Trojan:AndroidOS/Fakecalls.D
Symantec:Trojan.Gen.2
Symantec Mobile Insight:AppRisk:Generisk
Trustlook:Android.Malware.Trojan
기본적으로 이런 악성코드를 예방하고 싶은 분들은 기본적으로 백신 앱을 설치를 하고 사용을 해야 하면 기본적으로 은행 앱들은 구글 플레이 스토어 같은 공식 스토어에서 다운로드 설치 실행을 하시는 것이 안전하면 외부에서 내려받기하는 APK 파일들은 그냥 악성코드가 있을 확률이 높습니다.

반응형
그리드형

공유하기

facebook twitter kakaoTalk kakaostory naver band