different certificate: the fake version is using a certificate mimicking the Google one.The fake Snapchat application is completely different from the original one: The samples were compared both structurally and according to its behaviour with the original Snapchat APK coming from the official Play Store. The following is a video showing the behavior of the application: As last step the application asks to be rated on the Google Play Store, after doing that nothing happens and the “Connection Error” message will be shown coupled with a “Try again” button after clicking it the Ads cycle will start once again.ĭuring execution the application establishes connections to different IPs, all owned by Google Ads (172.217.6.170, 172.217.12.65, 172.217.2.227, 172.217.2.226, 216.58.218.98, 216.58.194.67, 216.58.218.194, 216.58.218.193). The user will enable connectivity, if not already available, and will continue through messages and Ads. It’s clear that the attacker needs to make sure that the user is connected to be able to fetch and display the Ads. Between an Ad and the other the application also shows to the user different messages like: “Attention App Requires Internet Connection Before Proceed Make Sure You are Connected.” or “Connection Error”. BehaviorĪfter starting the application the user will be greeted by an Ad, after closing it and clicking on the “Next” button shown on the screen additional Ads will be loaded. The campaign in fact was stopped very early, following exponential downloads growth and our report to Google. The number of ratings and installation doubled in 24 hours. In the above archive history we can see that on August 6th 2017 the fake Snapchat on Google Play Store got 2,127 ratings with 1,000 – 5,000 installations, on August 7th 2017 we can see 4,244 ratings with 5,000 – 10,000 installations. Google removed the app from the playstore – Aug 7th, 2017 at 6:39 PMĪs the Google Play Store page has now been removed, all the information can been seen at the following Archive links.Reported to Google – Aug 5th, 2017 at 11:34 PM.Initial detection and analysis: August 5th, 2017. The fake version of Snapchat app is using “Snap Inc. Zimperium discovered and reported a fake version of the popular Snapchat app in the official Google Play Store At the time of our discovery, it was the second result when searching for “Snapchat”.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |