A recent report by Symantec published on this week has uncovered 152 Android Application, all of which are malicious and tricks JIO user to give Free JIO Data balance. These all apps are fake android apps that only serve advertisement, never give any free JIO data. Symantec detect these apps as Android.Fakeapp.
What is JIO Company
JIO is an Indian Mobile Network Operator. JIO was founded in 2007. JIO is owned by Owned by Reliance Industries. JIO has over 300 million subscribers. As per Wikipedia JIO has 314.80 million (April 2019) subscriber. JIO headquarter is located at Mumbai.
“These 152 APKs were developed under 21 different package names, all of which claim to offer a free daily data allowance of 25 GB or 125 GB for a period of time ranging from just one day to one year. However, users who download these malicious apps will not receive any free data boosts; instead, their devices will be used to generate advertising revenue for the developers of the apps.” Symantec reports.
How these apps are working
Symantec reports all these fake apps are imitating legitimate JIO apps, like they are using legitimate JIO icons and names, and this makes people fool and people are installing these fake apps on their mobiles. These Fake android apps are using UIs as JIO’s legitimate Apps.
These Fake Apps only annoys you with Advertisements. Upon installing these apps you can see the User Interface of these fake apps looks like legitimate apps user interfaces. Next it will ask you to enter your mobile number to get the JIO free data balance, but if you provide your mobile number there the fake will do nothing, will give you a false impression of connecting to the JIO server. But the researchers says “In fact, the malicious app’s source code shows that no real connections or processing is taking place while the spinner is displayed, and a sleep timer has been added to extend the time the spinner stays onscreen”. Then the fake apps will ask you to share this App in your Whatsapp groups 10 times to get the free JIO data.
Researchers say “victims are asked to share the app with 10 contacts via WhatsApp in order to activate the offer. Other variants of the malware ask victims to follow the developer’s Instagram account or a Telegram group (which are listed in the app). There are also some versions that ask victims to share the app via SMS. Worse still, some of the apps don’t even bother to ask the victim and just go ahead and send the SMS messages without the user’s knowledge. The messages contain a link to download the malicious app and are sent to numbers in the victim’s contact list.”
How to stay safe
- Always make sure your mobile Operating system is up to date
- Use a repeated Antivirus for your mobile
- Never download any apps from untrusted sources
- Check the permissions the application is requesting
Indicators of Compromise
APK SHA2 hash Package name
a4g.muko.bhadvo.jioprime_4g 250af63da1463ff5483cf1f97acc4f6c7384f7e228ae6e82751cb79c8cf0e28f
a4g.muko.bhadvo.jioprime_4g 2fb9da99afd0736567ca900e1aaf19fafdca1a9e0eec2b8c69f7fcc799baebcb
a4g.muko.bhadvo.jioprime_4g 9dfcfb6fed8b1f9136a841b4fe535dfb1c8de54622ba683b5e6ecf8ec992426c
a4g.muko.bhadvo.jioprime_4g ddf726bd6369c422e0ca3f8d9d10ff316674f8490b3a1e648c41281ad93167c3
a4g.my.afor.offer.myjiooffers 077cda0052f1baafc6431c1791b03d6e51b989a9e6b9e9e72cc28b885f03913c
a4g.my.afor.offer.myjiooffers 07f19961b59a93b4286e9a5be2b6803490b1819ceb710de4959d6a5ee401cd9a
a4g.my.afor.offer.myjiooffers 0b79591d394d2a1e6507aae55320f5a10635c54620df769b118d5e01d3df4dba
a4g.my.afor.offer.myjiooffers 0cfe274a55b84d184f7c5504893e457df678a47e2361c65930de971056277c2f
URL
http://instagram.com/_u/india.tech.news
http://instagram.com/_u/myindianews
http://telegram.me/UnEthicalHacker
Reference :
https://www.symantec.com/blogs/threat-intelligence/malicious-android-apps-india-jio