Composition Strategy
- Standalone:
- Repackaging: Integrated
- Library:
Installation Strategy
- Drop: ✔
- Drive-by Download:
Activation Strategy
- Event:
- By Host App: ✔
- Scheduling: ✔
Information Stealing
- Personal Information:
- Device Information: ✔
Persistence
- Clean Evidence:
- Prevent Destroy:
Privilege Escalation
- Request Device Admin:
- Root Exploits: fb_mem, fj_hdcp, put_user, sock_diag, msm_acdb
C&C
- Internet Server: ✔
- SMS Server:
- Command Encoding: JSON
Anti-analysis Techniques
- Renaming: ✔
- String Encryption:
- Dynamic Loading: ✔
- Native Payload:
- Evade Dynamic Analysis: encrypts network traffic
Monetization Methods
- Subscribe to Premium Service:
- Banking Trojan:
- Ransom:
- Aggressive Advertisement: ✔