Posts Tagged ‘apps’

New Android Trojan mimics ChatGPT, YouTube, Netflix, and other popular apps

Wednesday, May 31st, 2023

Cyber analysts from CloudSEK have reported an investigation into malicious attacks, revealing that hackers have started utilizing a Java-based Trojan called DogeRAT for Android. The creators of this malware are offering a wide array of malicious functions to clients for just $30 per month.

DogeRAT is an exceptionally effective virus that grants the operator covert control over the victim’s Android device. It stealthily steals sensitive information, including contacts, SMS messages, and online banking credentials. Moreover, the Trojan can perform unauthorized transactions, send spam messages, manipulate infected files, and even exploit the device’s camera to take photos without the user’s awareness. Within the hacking community, DogeRAT is being promoted as a service and has gained considerable popularity.

The true danger lies in the Trojan’s ability to disguise itself. It assumes the shape of both popular legitimate applications and fake ones, often impersonating gaming or banking apps. The researchers have identified approximately a thousand counterfeit applications associated with DogeRAT. Particularly notable among these disguises are replicas of well-known products such as the Opera Mini browser, a non-existent Android VulnScan OS, a clone of the ChatGPT bot, and premium versions of YouTube and Netflix.

(more…)

Keep your app from failing in a 64-bit-only Android phone

Friday, February 10th, 2023

Android hardware is always changing. Sometimes, the hardware change is highly visible, like from a regular screen to a wide screen or to an ultra-wide screen. And sometimes, it is not. If you are building apps for Android, I think you must be familiar with the device available in the market. Generally, there are two types. Some Android devices are 32-bit only. They are usually mobile devices for the low-end market or TV-devices. And the majority of mobile devices are 32/64-bit mixed mobile devices. Now, this is a bit different after the Pixel 7 is launched.

The first Android phone to be solely configured as 64-bit is the Pixel 7. And as forthcoming high-end SOC cannot run 32-bit code, this will be a big thing this year. Every developer should get ready for this. It is anticipated that 64-bit only will become the default option in the future, due to several advantages.

First, it is faster. 64-bit applications run faster because they have access to extra registers and adjustments that are not available to 32-bit apps. Secondly, it is safer. The bigger address space makes defense like ASLR more effective and the spare bits can be used to protect control full integrity. And the new hardware instructions get added to 64-bit but not 32-bit instruction sets. Thirdly, it improves system health. Removing support for 32-bit code, saves up to 150 megabytes of RAM, which has been used by the OS even when it is not running 32-bit apps. And finally, starting in 2023, high-end SOCs will no longer be able to run 32-bit code.

(more…)

Chinese Authorities Seize Ransomware Creators distributing WannaCry Copycat for Android

Friday, August 4th, 2017

Chinese Police caught a pair of young people who spread a type of SLocker Android ransomware virus that was modified to resemble WannaCry, another ransomware that stretched around the globe in the course of May infecting Windows users.

The two arrests happened in the beginning of June just several days after infosec specialists from Tencent and Qihoo 360 had discovered initial virus attacks.
Ransomware virus was masked to look like a plugin for widespread and trendy Chinese mobile game called King of Glory.

This WannaCry copycat was derived from a recent version of the SLocker ransomware, an Android virus type which has lately been seen a renaissance in the first Quarter of 2017.

Law enforcement representatives stated the ransomware authors managed to infect around one hundred user devices. The ransomware effect was minimal since its creators didn’t possess the expertise and knowledge required for massive distribution. The pair of criminals utilized hyperlinks on Chinese discussion boards and community forums to distribute their fake Kings of Glory plugin.

Ransomware authors had a number of opsec slipups and failures which led them to arrests.

(more…)

Su-Preme MPA: The first demo video of my first app!

Thursday, December 23rd, 2010

Check out the first demo vid of Su-Preme MPA – my first Android app to be released on the market in few days!

MPA is a sample based music production app that mimics the look and feel of a classic analog device that is widely popular among urban music producers.

I’m proud to say that MPA is not a toy. We really mean it to be used by actual music producers to make actual beats.

The app was co-designed and will be promoted by Alaric “Supreme” Wilder of Wu-Tang Clan fame. He also did the video!

Android Hacks: Scan Android classpath

Friday, December 10th, 2010

Why scan the classpath? There are various patterns that are often used in enterprise Java applications that require scanning of classpath and getting the list of all classes that are present in the application.

For example, if you want to discover all classes with a certain annotation (such as @Component in Spring Framework) to process them in a special way, you need a way to go over all classes in your application and select some of them based on which annotations they have.

However, neither Java SE nor Android have built-in facilities to safely get the list of all classes in your application in runtime. The reason for that is the theory behind classloaders in Java – the ability to go over all classes is neither needed in classic OOP nor feasible for all theoretically possible classloader implementations. However, in practice, scanning classpath and discovering the classes you need is quite possible in most cases, both in your web app and on Android. This is always going to be more or less a hack, but if it has been useful in web applications, it can also be useful in Android apps – with some caution, of course.

Thus, in this article I will show and explain a piece of code that does exactly that – scans your classpath and gives you the ability to go over all classes in your app.

(more…)

Business Android: Enterprise APIs missing in the platform

Friday, December 3rd, 2010

My definition or, rather, my perception of an enterprise mobile app is generally the following:

  • The app in question is a mobile client for a multi-user client-server application. It can either be the only kind of client for the app, or co-exist with a web interface or, for example, a PC desktop client for the same server app.
  • It has a “serious” user interface – rather than trying to impress the end-user with a slick, non-typical UI, it aims to be as straightforward and predictable as possible. It tends to have various forms, charts, trees and lists of various complexity.
  • Conceptually, very often a big part of the app is dedicated to managing (CRUDing) a set of entities such as users, documents, reports etc. Domain models can get quite complex, often with tree-like structures, fine-grained user permissions with different access levels and profiles.
  • Internally the app uses typical client-server protocols like SOAP, XML-RPC or even CORBA. Often in-house protocols and frameworks are used on top of those generic ones or instead of them. You get the picture.

Enterprise apps might not seem to be the most interesting kind to work on. However, they are attractive for many studios because customers usually pay well for them. In addition, as a developer, you will find that they are often challenging to implement – at least with functional and internal quality that will satisfy both the customer and you.

In this article, I would like to cover a list of typical facilities that Android developers need when developing such kind of apps. The platform does not really have that much to offer (as we will see), and many developers build their own ad-hoc frameworks that they try to reuse as needs arise.

I will share some thoughts that I have about that, and will be happy to know your stories too.

(more…)

Android Architecture: Message-based MVC

Wednesday, November 17th, 2010

How do you separate application state, user interaction logic and data presentation in your Android apps?

Platform designers did not enforce any high-level application architecture framework upon us but left us enough options to implement our own solutions based on application requirements and scale. Most simple applications will get away with just storing data in their widgets (such as in text fields, spinners etc.) and their state manipulation right in event handlers such as OnClickListener‘s. However, if you are going to write a complex application or plan to sophisticate your simple app further, you should really think how to layer it well so that the architecture supports adding new features and satisfies the expected performance, flexibility, responsiveness and other requirements, and your code does not become a mess.

In this article, I will show you one practical approach to dividing application code into three layers according the MVC paradigm and connecting the view to the controller using the Android messaging framework. I used it in my own code and although it might not be 100% academically correct or applicable for every possible app, I love the benefits it gives to me as my app grows more and more complex.

(more…)

The Robot Is Back

Friday, November 12th, 2010

WE GET SIGNAL

After few months of busy work in the underground laboratories, MTR is back again. As you can see, I have even installed a new theme which looks to me kinda less annoying and more effective in terms of content.

What I plan to do is, of course, to continue the series of articles on Android development so we can go on sharing our knowledge and experience. Many things have been changing in the Android world. Tablets are here today, and new versions of the platform are soon to come. Android is becoming a more and more widespread and seriously taken platform and at this point, there is no way back.

As for this blog, it is still going to be about useful content (at least content that I consider useful), not about promo articles or high traffic volumes. I am still very interested in general architecture topics, plus multimedia (especially audio) and, sure enough, your questions, issues and achievements.

Some of the topics that are coming up are:

(more…)

Android Performance: Be careful with byte[]

Wednesday, September 22nd, 2010

There are many cases where we use byte[] in our code. In fact, it is the “rawest” type possible in Java unless you go native. Thus, byte arrays are often used to store raw data such as bitmaps, audio and various binary objects.

The previous two articles on MTR were dedicated to audio decoders, including WAV and MP3. In both cases, raw PCM data that was the result of your decoding was a byte array (which you would later write to AudioTrack).

I already mentioned in one of those articles that you should consider streaming any audio that is longer than the reasonable maximum. However, even if your data will definitely fit into the heap, in most cases you can still do better than just using a byte array. Why? Read on (relevant for non-audio byte[]s as well!)

(more…)

Android Audio: Play an MP3 file on an AudioTrack

Friday, September 17th, 2010

In my previous article I outlined the stages you need to go through if you want to manually decode WAVs to PCM to play them on an AudioTrack. I promised to show how to do the same for MP3s and this is what this post is going to be about.

Again, the use case is more common than you might think. The only way you can play an MP3 file via direct Android API is MediaPlayer which is heavyweight, slow and presents only high-level API. If you need to mix or modify audio streams or manage them with low latency, you are on your own. But I will try to help you right now.

(more…)