Some thoughts on .apk traffic

[boxilai]

what i learn:

The most successful transition to spreading .apk-based consumer malware requires working with active developers who can design basic applications using j or kotlin. For example, you can publish an app on the Google Play Store
Then, installed on the device, once the user opens the app, it gets real-time "updates" and replaces the updates with your malicious .apk from the external server.

There are two very important points, which greatly affect the success rate：

1.It's better to have an older developer certificate. Corporate developers are better than individual developers
2.It is very important to ensure that your malware never touches the Google Play Store

 

[boxilai]

Accept corrections and criticisms, and do not sell developer accounts (I don’t have any extra)

 

[boxilai]

Regarding the "update" part, different loaders have different capabilities, which also affects the success rate.

 

[ProfessorAdver]

Any success in logs to find older developer certificate from corporate?

 

[Marlimar]

what i learn:

The most successful transition to spreading .apk-based consumer malware requires working with active developers who can design basic applications using j or kotlin. For example, you can publish an app on the Google Play Store
Then, installed on the device, once the user opens the app, it gets real-time "updates" and replaces the updates with your malicious .apk from the external server.

There are two very important points, which greatly affect the success rate：

1.It's better to have an older developer certificate. Corporate developers are better than individual developers
2.It is very important to ensure that your malware never touches the Google Play Store

And how do you prevent it from making its way to the google store ?