The details of a domestic e-commerce APP exploiting Android vulnerabilities are exposed: embedded privilege escalation code, dynamic delivery of Dex

News 2023-03-28 20:07:25 views: null

Recently, DarkNavy, an independent security research organization, published an article disclosing that an APP of a domestic Internet giant took advantage of Android system vulnerabilities to elevate privileges, making it difficult to uninstall. According to the report, the APP first used the deserialization vulnerability in the OEM code of multiple manufacturers to elevate its rights . private information (including social media account information, location information, Wi-Fi information, base station information and even router information, etc.) .

Afterwards, the App uses the root-path FileContentProvider exported from the OEM code of the mobile phone manufacturer to read and write System App and sensitive system application files; then it breaks through the sandbox mechanism, bypasses the permission system, rewrites key system configuration files to keep itself alive, and modifies user The desktop (Launcher) is configured to hide itself or deceive users to prevent uninstallation ; then, it further hijacks other applications by overwriting dynamic code files to inject backdoor code execution for more concealed long-term residence; it even implements the same spyware The remote control mechanism controls the start and suspension of illegal activities through the remote "cloud control switch" to avoid detection.

In the end, the Internet vendor used the above-mentioned series of concealed hacking techniques to achieve:

  • Concealed installation, increase installed capacity

  • False Boost DAU/MAU

  • Users cannot uninstall

  • Attacking Competitor Apps

  • Steal user privacy data

  • Evasion of privacy compliance regulations

and other suspected illegal purposes.

According to discussions among netizens, a typical feature of this APP is to create shortcuts on the desktop after installation. What the user actually uninstalls or deletes is only the shortcuts, not the main body . MAU, attacking competitors' apps.

The picture below is a post posted by a netizen on the forum. He said that his relative’s Android phone could not uninstall the e-commerce app:

The day before yesterday, someone published the complete vulnerability escalation method and implementation details on GitHub. It is said that the APP's APK is embedded with multiple exploit codes for privilege escalation, and dynamically distributed Dex analysis.

View details: https://github.com/davinci1010/pinduoduo_backdoor

Guess you like

Origin www.oschina.net/news/231879
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com