Repacked Android ESET Mobile Security


hellosky11

Sharing a repacked version of ESET Mobile Security whose certificates have been tampered with to make them premium with all the features enabled; the app's signature updates are working perfectly. Kindly check and release detection.

Sample link: 

https://gofile.io/d/KKBGR0

 

Link to comment

The problem with Android app certificates:

Quote

Both Android and Windows use a system root store to determine if a certificate is trusted. However, Windows certificates are issued by a trusted Certificate Authority (CA), while Android certificates do not have to be signed by a CA.

 

Link to comment
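Added example, not part of any post in this thread: because an Android signing certificate can be self-signed, a repacked APK still verifies as "validly signed", and the only meaningful check is whether the signer's certificate digest matches the one pinned for the publisher. The sketch below parses the text printed by `apksigner verify --print-certs`; the sample outputs, distinguished names and digests are constructed placeholders, not values from any real ESET build.

```python
import re
import subprocess

# Line format printed by `apksigner verify --print-certs`, e.g.
# "Signer #1 certificate SHA-256 digest: <64 hex chars>"
_DIGEST_RE = re.compile(
    r"^Signer\b.*certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M)

# Constructed placeholder: the digest a defender pinned from a known-good copy.
PINNED = {"a1" * 32}

# Constructed sample outputs (not captured from real APKs).
GENUINE = ("Signer #1 certificate DN: CN=Example Publisher\n"
           "Signer #1 certificate SHA-256 digest: " + "A1" * 32 + "\n")
REPACKED = ("Signer #1 certificate DN: CN=Unknown\n"
            "Signer #1 certificate SHA-256 digest: " + "b2" * 32 + "\n")

def signer_digests(apksigner_output):
    """Return the set of signer certificate SHA-256 digests (lowercase hex)."""
    return {d.lower() for d in _DIGEST_RE.findall(apksigner_output)}

def classify(apksigner_output, pinned):
    """Classify an APK from apksigner's output and a set of pinned digests."""
    if "DOES NOT VERIFY" in apksigner_output:
        return "unverifiable"      # signature itself is broken
    found = signer_digests(apksigner_output)
    if not found:
        return "unverifiable"      # no signer reported at all
    if found <= {d.lower() for d in pinned}:
        return "publisher-signed"  # every signer is a pinned certificate
    return "repacked"              # validly signed, but by someone else

def run_apksigner(apk_path):
    """Run apksigner (Android SDK build-tools must be on PATH)."""
    proc = subprocess.run(["apksigner", "verify", "--print-certs", apk_path],
                          capture_output=True, text=True)
    return proc.stdout + proc.stderr

if __name__ == "__main__":
    for name, out in (("genuine", GENUINE), ("repacked", REPACKED)):
        print(name, "->", classify(out, PINNED))
```

The repacked sample passes signature verification and is flagged only because its signer digest is not the pinned one.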

That’s exactly what I mentioned — they don’t have valid certificates, which is why they should be detected. This is why Marcos told me to share the samples. The certificates have been tampered with, but the app works just like the original one. It still receives signature updates and has all features enabled.
 

@Marcos, do you need any other information, as @itman has also confirmed the tampered certificate?

Link to comment

There are a number of web sites offering cracked versions of Eset Mobile Premium. One such site here: https://apkmody.com/apps/eset-mobile .

Using any of these is the equivalent of playing malware-infection Russian roulette with 5 bullets loaded in the chamber.

Edited by itman
Link to comment

This needs to be stated.

Should Eset detect cracked software including its own software? Yes, if the software performs malicious or undesirable behavior. Otherwise, Eset will handle cracked versions of its software by revoking its license key. It can also, at its option, initiate appropriate legal action against the crack software developer.

Link to comment

19 hours ago, itman said:

There are a number of web sites offering cracked versions of Eset Mobile Premium. One such site here: https://apkmody.com/apps/eset-mobile .

I downloaded this cracked Eset Mobile Premium Android version and submitted it to VirusTotal. Zero detections: https://www.virustotal.com/gui/file/61b085ed84041a6d6d36682e383421d91fa9c14323cdd4b6b3f762e3b81dd5ff

However, CrowdStrike Falcon sandbox dynamic analysis: https://www.hybrid-analysis.com/sample/61b085ed84041a6d6d36682e383421d91fa9c14323cdd4b6b3f762e3b81dd5ff?environmentId=200 rates it malicious with a 72/100 confidence factor. Appears main malicious factor is a YARA detection for an unknown DotNet RAT embedded within. Also, SMS spyware indicators found.

Is this cracked version malicious? Depends on how much you trust CrowdStrike's detection is not a false positive.

Bottom line analysis in regards to use of cracked software. Don't use them! They are not worth the risk.

Edited by itman
Link to comment

I know them; the purpose of sharing them is to submit and get the detection for them, as I very much stated in my very first comment.

@Marcos, you asked me for samples, and I have not heard back from you; this is really weird!

 

 

Edited by hellosky11
Link to comment

3 hours ago, itman said:

I downloaded this cracked Eset Mobile Premium Android version and submitted it to VirusTotal. Zero detections: https://www.virustotal.com/gui/file/61b085ed84041a6d6d36682e383421d91fa9c14323cdd4b6b3f762e3b81dd5ff

However, CrowdStrike Falcon sandbox dynamic analysis: https://www.hybrid-analysis.com/sample/61b085ed84041a6d6d36682e383421d91fa9c14323cdd4b6b3f762e3b81dd5ff?environmentId=200 rates it malicious with a 72/100 confidence factor. Appears main malicious factor is a YARA detection for an unknown DotNet RAT embedded within. Also, SMS spyware indicators found.

Is this cracked version malicious? Depends on how much you trust CrowdStrike's detection is not a false positive.

Bottom line analysis in regards to use of cracked software. Don't use them! They are not worth the risk.

I have shared the samples with different vendors, and they include a collection of all Android antimalware vendors' modapps, not just ESET.

I have shared the samples with Avast, Norton, Avira, Dr.Web, Kaspersky, and Bitdefender. Since there are more than 300 samples of tampered certificate Android apps, I have been informed that the detection will take time. However, the apps have been classified as repacked, and some detections are already being generated.

Link to comment

Now this is very interesting.

I also downloaded a legit version of Eset Mobile Android from the Eset web site. CrowdStrike Falcon sandbox via dynamic analysis gave it a 100/100 malicious verdict: https://www.hybrid-analysis.com/sample/35b3de41dedd08b6bea252dcabf5f1424ecc5eb0452135e42b1d6652c7f6a251/66fda07835326df3b50e9396 . Same malicious behavior noted as for the above cracked version plus additional ones.

Are these CrowdStrike detections false positives? Probably, but who knows for sure ... Or, is the problem it's really difficult to impossible to detect real Android app malicious behavior?

Edited by itman
Link to comment

3 hours ago, hellosky11 said:

I have shared the samples with Avast, Norton, Avira, Dr.Web, Kaspersky, and Bitdefender. Since there are more than 300 samples of tampered certificate Android apps, I have been informed that the detection will take time.

If these vendors want to "act like mad dogs chasing their tail," that's their prerogative. My best guess is for a number of these samples, they will be detected as a crack PUA at most. Note that some security solutions make it a point to detect cracked software; MalwareBytes is foremost in this regard.

Edited by itman
Link to comment

On 10/3/2024 at 2:47 AM, hellosky11 said:

Does that mean that ESET will not detect the crack version of its own software? When it can detect the keygens that I sent for their Windows-based products, then why not for their Android-based product?

The problem is the basic version of Eset Mobile is a free product. Appears some have found a way to activate the Premium version features without altering the basic version core code structure. I don't believe what is being done here is a license key crack.

Assumed is Eset is aware of this issue and will be modifying the free version of Eset Mobile so this is no longer possible.

Also of note is the Premium features are valid for 30 days in the free Mobile version. These cracked versions might be just the free version.

Edited by itman
Link to comment