Posts

Showing posts from September, 2016

Analyzing Gugi Android Banker

Today we are going to take a look at Gugi, an Android banker that was heavily spread in August. Although it first appeared in 2015, this past month has seen the most activity. As Kaspersky Lab points out, this sample was distributed through SMS messages leading to fraudulent pages from which the APK was downloaded. The downloaded APK was indeed a banker which, once installed, blocked use of the device until the requested permissions were granted.

The first thing we see is that, when installed, it asks for overlay authorization as well as device administrator rights. It also requests extra runtime permissions on the fly, collecting every permission that is not yet granted into a list before asking for them:

```java
// Decompiled excerpt: 0 is PackageManager.PERMISSION_GRANTED, so each
// missing permission is appended to localObject (an ArrayList<String>)
// and requested in one batch afterwards.
if (checkSelfPermission("android.permission.READ_PHONE_STATE") != 0) {
  ((ArrayList)localObject).add("android.permission.READ_PHONE_STATE");
}
if (checkSelfPermission("android.permission.READ_SMS") != 0) {
  ((ArrayList)localObject).add("android.permission.READ_SMS");
}
if (checkSelfPermission("andro
```

185.93.185.14
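The combination described above (overlay permission, a device-administrator receiver, and SMS plus phone-state access) is the profile worth checking for before spending time in a decompiler. As an added example, not code from the original post, the script below triages a decoded AndroidManifest.xml (the plain-text form apktool writes out) for exactly that profile. The manifest it parses is a constructed sample that mimics the permission set described in the write-up; it is not Gugi's real manifest, and the package and class names in it are invented.

```python
"""Triage a decoded AndroidManifest.xml for the banker permission profile:
overlay permission, a device-admin receiver, and SMS / phone-state access.
Added example; the sample manifest below is constructed, not Gugi's own."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree prefix for android: attributes

OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.SEND_SMS"}
PHONE_PERMS = {"android.permission.READ_PHONE_STATE"}
DEVICE_ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

# Constructed sample manifest (hypothetical package/class names).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Update">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def declared_permissions(root):
    """All <uses-permission> names declared at install time."""
    return {e.get(A + "name") for e in root.iter("uses-permission")}


def device_admin_receivers(root):
    """Receivers guarded by BIND_DEVICE_ADMIN that handle DEVICE_ADMIN_ENABLED,
    i.e. the component the app will push the user to activate."""
    found = []
    for recv in root.iter("receiver"):
        if recv.get(A + "permission") != DEVICE_ADMIN_PERM:
            continue
        actions = {a.get(A + "name") for a in recv.iter("action")}
        if DEVICE_ADMIN_ACTION in actions:
            found.append(recv.get(A + "name"))
    return found


def triage(manifest_xml):
    """Return the indicators found and whether the full banker profile is present."""
    root = ET.fromstring(manifest_xml)
    perms = declared_permissions(root)
    admins = device_admin_receivers(root)
    indicators = []
    if OVERLAY in perms:
        indicators.append("overlay")
    if admins:
        indicators.append("device_admin")
    if perms & SMS_PERMS:
        indicators.append("sms")
    if perms & PHONE_PERMS:
        indicators.append("phone_state")
    return {
        "package": root.get("package"),
        "indicators": indicators,
        "device_admin_receivers": admins,
        # Overlay + device admin + SMS together is the profile described above.
        "banker_profile": {"overlay", "device_admin", "sms"} <= set(indicators),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Run it against the AndroidManifest.xml from an apktool-decoded APK in place of the sample string. On API 23 and later the SMS and phone-state permissions can still be requested at runtime as the excerpt shows, so their presence in the manifest is necessary but not sufficient; the device-admin receiver and the overlay permission are the stronger signals.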