Doxxing(?) Pinduoduo
(stolen)
If you have any financial, technical or social constraints that leave you trapped in Chinese apps, be aware of the options available to you that help mitigate your particular threats.
Pinduoduo malicious behaviour analysis report: https://github.com/davincifans101/pinduoduo_backdoor_detailed_report/blob/main/report_cn.pdf
- Keep-alive behaviour: adding itself to the system's auto-start whitelist, associated-start whitelist, background whitelist and lock-screen whitelist, and using floating windows, a 1-pixel transparent icon, power-saving policy and similar means to bypass the system's forced-sleep restrictions and stay alive in the background. It modifies and hides its own power consumption to escape the user's notice.
- Using the relevant permissions to bypass system restrictions and construct full-screen ads and fake notifications (for example lock-screen, unlock and full-screen red-packet messages) that lure the user into tapping; hijacking the user's wallpaper, calendar, alarms and so on; permanently showing an unread-message state to attract taps; modifying the user's battery status.
- Using fake icons, widgets and similar means so that the user cannot delete the app from the home screen; or, by injecting into system processes, intercepting and rolling back the user's uninstall operation.
- Using vulnerabilities to break through privacy-compliance oversight and system restrictions, granting itself permissions and collecting the user's location, Wi-Fi, identifiers, photo album, installed-package information, account information, notification history and even chat records, in order to build a precise profile of the user.
- After privilege escalation, or via vulnerabilities, obtaining the runtime status of other apps, including their DAU, MAU, current page and notification history. The monitoring list explicitly includes Taobao, Toutiao and several other top vendors.
- After privilege escalation, attacking other apps and system apps, overwriting files to plant resident backdoors for persistence; granting itself permissions; killing other apps.
- Exploiting app-store interfaces, vendor advertising interfaces, browser and WeChat WebView vulnerabilities so that a user who taps a link and opens a web page has Pinduoduo silently installed. Combined with social-fission spreading, the effect is huge. Using URL-redirect vulnerabilities, XSS vulnerabilities and the like to get its own links whitelisted under trusted domains, evading WeChat and browser blocking.
https://play.google.com/store/apps/details?id=com.xunmeng.pinduoduo
Report created on Dec. 2, 2022, 9:53 a.m.
Trackers (2):
- JiGuang Aurora Mobile JPush
  https://ir.jiguang.cn/corporate-profile
  Founded in 2011, Aurora Mobile is a leading mobile big data solutions platform in China, pioneered in providing mobile developer services such as push notification, instant messaging, analytics, sharing and short message service (SMS). Aurora Mobile has accumulated data from approximately 1.39 million mobile applications that have utilized the Company's developer services and nearly 30.8 billion installations of the Company's software development kits (SDKs), with monthly active unique device base of nearly 1.34 billion, as of September 2019. Based on Aurora Mobile's vast data coverage and insights garnered, the Company has expanded its offerings into big data solutions, including targeted marketing, financial risk management, market intelligence and location-based intelligence. By utilizing artificial intelligence and machine learning, Aurora Mobile strives to help improve productivity for businesses and society through harnessing the power of mobile big data to derive actionable insights and knowledge.
  Code detection rule: cn.jpush.android
  Network detection rule: .*\.jiguang\.cn
- Tencent Stats
  http://stat.qq.com/Analytics
  Code detection rule: com.tencent.stat | com.tencent.wxop.stat
  Network detection rule: NC
Permissions requested (75):
- ACCESS_COARSE_LOCATION: access approximate location only in the foreground
- ACCESS_FINE_LOCATION: access precise location only in the foreground
- ACCESS_MEDIA_LOCATION: read locations from your media collection
- ACCESS_NETWORK_STATE: view network connections
- ACCESS_WIFI_STATE: view Wi-Fi connections
- AUTHENTICATE_ACCOUNTS
- BLUETOOTH: pair with Bluetooth devices
- BLUETOOTH_ADMIN: access Bluetooth settings
- CAMERA: take pictures and videos
- CHANGE_NETWORK_STATE: change network connectivity
- CHANGE_WIFI_STATE: connect and disconnect from Wi-Fi
- FLASHLIGHT
- FOREGROUND_SERVICE: run foreground service
- GET_ACCOUNTS: find accounts on the device
- GET_PACKAGE_SIZE: measure app storage space
- INTERNET: have full network access
- MANAGE_ACCOUNTS
- MODIFY_AUDIO_SETTINGS: change your audio settings
- READ_CONTACTS: read your contacts
- READ_EXTERNAL_STORAGE: read the contents of your shared storage
- READ_LOGS
- READ_PHONE_NUMBERS: read phone numbers
- READ_PHONE_STATE: read phone status and identity
- READ_SYNC_SETTINGS: read sync settings
- READ_SYNC_STATS: read sync statistics
- RECEIVE_BOOT_COMPLETED: run at startup
- RECORD_AUDIO: record audio
- SET_WALLPAPER: set wallpaper
- SYSTEM_ALERT_WINDOW: this app can appear on top of other apps
- USE_BIOMETRIC: use biometric hardware
- USE_FINGERPRINT: use fingerprint hardware
- VIBRATE: control vibration
- WAKE_LOCK: prevent phone from sleeping
- WRITE_CALENDAR: add or modify calendar events and send email to guests without owners' knowledge
- WRITE_EXTERNAL_STORAGE: modify or delete the contents of your shared storage
- WRITE_SYNC_SETTINGS: toggle sync on and off
- SET_ALARM: set an alarm
- ID
- INSTALL_SHORTCUT: install shortcuts
- READ_SETTINGS
- UNINSTALL_SHORTCUT: uninstall shortcuts
- WIRTE_SETTINGS
- READ_SETTINGS
- SHORTCUT_REMOVE
- WRITE_SETTINGS
- XCARD_INSTANT_SERVICE
- CHANGE_BADGE
- READ_SETTINGS
- WRITE_SETTINGS
- GET_COMMON_DATA
- RECEIVE
- READ_SETTINGS
- WRITE_SETTINGS
- PUSH
- RECEIVE
- READ_SETTINGS
- WRITE_SETTINGS
- READ_SETTINGS
- WRITE_USE_APP_FEATURE_SURVEY
- READ
- WRITE
- provider
- broadcast
- StepProvider
- BADGE_ICON
- screentime
- C2D_MESSAGE
- JPUSH_MESSAGE
- lifecycle
- NOTIFICATION_RECORD
- MESSAGE
- remote_config
- READ_STEPS
- READ_SETTINGS
- WRITE_SETTINGS
MvcTemples 23-03-29
Last edited: 23-03-29
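The tracker section of the pasted report lists an Exodus-style code detection rule (class-name prefixes, `|`-separated) and a network detection rule (a hostname regex, or `NC` when none is defined) per SDK. The following is an added example of how such signatures are applied to an APK's class list and observed hostnames; it is my own illustration, not code from Exodus, the report or the post. The two rules are transcribed from the page; the class names and hostnames are constructed sample input.

```python
import re

# Tracker signatures transcribed from the two entries in the report above.
# "NC" in the network rule means no network signature is defined.
TRACKERS = {
    "JiGuang Aurora Mobile JPush": {
        "code": "cn.jpush.android",
        "network": r".*\.jiguang\.cn",
    },
    "Tencent Stats": {
        "code": "com.tencent.stat | com.tencent.wxop.stat",
        "network": "NC",
    },
}

def parse_code_rule(rule):
    """Split a '|'-separated list of class-name prefixes into a tuple."""
    return tuple(p.strip() for p in rule.split("|") if p.strip())

def parse_network_rule(rule):
    """Compile the hostname regex, or return None when the rule is 'NC'."""
    return None if rule.strip() == "NC" else re.compile(rule.strip())

def detect_trackers(class_names, hostnames, trackers=TRACKERS):
    """Return {tracker: {"code": [...], "network": [...]}} for every tracker
    whose prefixes match a class name or whose regex matches a hostname."""
    hits = {}
    for name, rules in trackers.items():
        prefixes = parse_code_rule(rules["code"])
        pattern = parse_network_rule(rules["network"])
        code_hits = sorted(c for c in class_names if c.startswith(prefixes))
        net_hits = sorted(h for h in hostnames
                          if pattern is not None and pattern.fullmatch(h))
        if code_hits or net_hits:
            hits[name] = {"code": code_hits, "network": net_hits}
    return hits

if __name__ == "__main__":
    # Constructed sample input standing in for a class list and DNS names
    # extracted from an APK; these are not real Pinduoduo artefacts.
    sample_classes = [
        "cn.jpush.android.api.JPushInterface",
        "com.tencent.wxop.stat.StatService",
        "com.example.app.MainActivity",
    ]
    sample_hosts = ["sis.jiguang.cn", "api.example.com"]
    for tracker, matched in detect_trackers(sample_classes, sample_hosts).items():
        print(tracker, matched)
```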