hellosky11 - Posted Monday at 11:35 AM

Sharing a repacked version of ESET Mobile Security whose certificates have been tampered with to make it premium with all the features enabled; the app's signature updates are working perfectly. Kindly check and release detection.

Sample link: https://gofile.io/d/KKBGR0

hellosky11 - Posted Monday at 01:37 PM

@Marcos as you asked, I have shared.

itman - Posted Monday at 02:55 PM

The problem with Android app certificates:

> Both Android and Windows use a system root store to determine if a certificate is trusted. However, Windows certificates are issued by a trusted Certificate Authority (CA), while Android certificates do not have to be signed by a CA.

itman - Posted Tuesday at 01:11 PM (edited Tuesday at 01:14 PM)

I downloaded your hacked Eset Mobile samples. None are validly signed using Eset cert. Eset Mobile uses the following cert.;

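Added example, not part of any post in this thread and not ESET's code: because Android signing certificates are usually self-signed, a repack is recognised by comparing the APK's declared signer certificate with the publisher's pinned SHA-256 fingerprint. The sketch reads the first signer certificate from the APK Signature Scheme v2 block; the function names, the sample builder and the stand-in "certificates" are constructed for illustration, and the real publisher fingerprint is a placeholder you supply.

```python
import hashlib
import struct

V2_BLOCK_ID = 0x7109871A  # APK Signature Scheme v2 entry in the signing block
MAGIC = b"APK Sig Block 42"

def _field(buf, off=0):
    """Read one uint32-length-prefixed field; return (bytes, next offset)."""
    (n,) = struct.unpack_from("<I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated length-prefixed field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def v2_cert_sha256(apk):
    """SHA-256 of the first v2 signer certificate, or None if there is no v2 block."""
    eocd = apk.rfind(b"PK\x05\x06")  # ZIP end-of-central-directory record
    if eocd < 0:
        raise ValueError("not a ZIP archive")
    (cd,) = struct.unpack_from("<I", apk, eocd + 16)  # central directory offset
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        return None  # signing block absent (v1-only or unsigned)
    (size,) = struct.unpack_from("<Q", apk, cd - 24)
    pos, end = cd - size, cd - 24  # span holding the ID-value pairs
    while 0 <= pos and pos + 12 <= end:
        plen, pid = struct.unpack_from("<QI", apk, pos)
        if pid == V2_BLOCK_ID:
            value = apk[pos + 12:pos + 8 + plen]
            # signers -> first signer -> signed data
            signed, _ = _field(_field(_field(value)[0])[0])
            _, off = _field(signed)  # skip the digests sequence
            cert, _ = _field(_field(signed, off)[0])  # certificates -> first cert
            return hashlib.sha256(cert).hexdigest()
        pos += 8 + plen
    return None

def cert_matches_pin(apk, pinned_sha256):
    """True only when the declared v2 signer certificate equals the pinned one."""
    return v2_cert_sha256(apk) == pinned_sha256.lower()

def build_sample(cert):
    """Constructed input: a bare signing block plus EOCD carrying `cert`."""
    lp = lambda b: struct.pack("<I", len(b)) + b
    signed = lp(b"") + lp(lp(cert)) + lp(b"")
    value = lp(lp(lp(signed) + lp(b"") + lp(b"")))
    pair = struct.pack("<QI", 4 + len(value), V2_BLOCK_ID) + value
    size = struct.pack("<Q", len(pair) + 24)
    block = size + pair + size + MAGIC
    eocd = b"PK\x05\x06" + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(block), 0)
    return block + eocd
```

This reads the declared signer only; whether the signature actually covers the APK contents is still checked by `apksigner verify` or by Android at install time.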
hellosky11 - Posted Tuesday at 05:46 PM

That’s exactly what I mentioned — they don’t have valid certificates, which is why they should be detected. This is why Marcos told me to share the samples. The certificates have been tampered with, but the app works just like the original one. It still receives signature updates and has all features enabled.

@Marcos, do you need any other information, as @itman has also confirmed the tampered certificate?

hellosky11 - Posted Tuesday at 05:47 PM

@Marcos, you need to get them detected by malware researchers before the link containing the samples expires.

itman - Posted Tuesday at 06:42 PM (edited Tuesday at 06:49 PM)

There are a number of web sites offering cracked versions of Eset Mobile Premium. One such site here: https://apkmody.com/apps/eset-mobile . Using any of these is the equivalent to playing Russian roulette malware infection with 5 bullets loaded in the chamber.

itman - Posted Tuesday at 10:48 PM

This needs to be stated. Should Eset detect cracked software including its own software? Yes, if the software performs malicious or undesirable behavior. Otherwise, Eset will handle cracked versions of its software by revoking its license key. It can also, at its option, initiate appropriate legal action against the crack software developer.

hellosky11 - Posted Wednesday at 05:45 AM

So what is the current solution for this, releasing detection for these?

itman - Posted Wednesday at 01:17 PM (edited Wednesday at 02:34 PM)

19 hours ago, itman said:
> There are a number of web sites offering cracked versions of Eset Mobile Premium. One such site here: https://apkmody.com/apps/eset-mobile .

I downloaded this cracked Eset Mobile Premium Android version and submitted it to VirusTotal. Zero detections: https://www.virustotal.com/gui/file/61b085ed84041a6d6d36682e383421d91fa9c14323cdd4b6b3f762e3b81dd5ff

However, CrowdStrike Falcon sandbox dynamic analysis: https://www.hybrid-analysis.com/sample/61b085ed84041a6d6d36682e383421d91fa9c14323cdd4b6b3f762e3b81dd5ff?environmentId=200 rates it malicious with a 72/100 confidence factor. Appears main malicious factor is a YARA detection for an unknown DotNet RAT embedded within. Also, SMS spyware indicators found.

Is this cracked version malicious? Depends on how much you trust CrowdStrike's detection is not a false positive.

Bottom line analysis in regards to use of cracked software. Don't use them! They are not worth the risk.

hellosky11 - Posted Wednesday at 04:48 PM (edited Wednesday at 04:48 PM)

I know them; the purpose of sharing them is to submit and get the detection for them, as I very much stated in my very first comment. @Marcos you asked me for samples, and I have not heard back from you, this is really weird!

hellosky11 - Posted Wednesday at 04:55 PM

3 hours ago, itman said:
> I downloaded this cracked Eset Mobile Premium Android version and submitted it to VirusTotal. Zero detections: https://www.virustotal.com/gui/file/61b085ed84041a6d6d36682e383421d91fa9c14323cdd4b6b3f762e3b81dd5ff
> However, CrowdStrike Falcon sandbox dynamic analysis: https://www.hybrid-analysis.com/sample/61b085ed84041a6d6d36682e383421d91fa9c14323cdd4b6b3f762e3b81dd5ff?environmentId=200 rates it malicious with a 72/100 confidence factor. Appears main malicious factor is a YARA detection for an unknown DotNet RAT embedded within. Also, SMS spyware indicators found.
> Is this cracked version malicious? Depends on how much you trust CrowdStrike's detection is not a false positive.
> Bottom line analysis in regards to use of cracked software. Don't use them! They are not worth the risk.

I have shared the samples with different vendors, and they include a collection of all Android antimalware vendors' mod apps, not just ESET. I have shared the samples with Avast, Norton, Avira, Dr.Web, Kaspersky, and Bitdefender. Since there are more than 300 samples of tampered certificate Android apps, I have been informed that the detection will take time. However, the apps have been classified as repacked, and some detections are already being generated.

itman - Posted Wednesday at 07:54 PM (edited Wednesday at 08:06 PM)

Now this is very interesting. I also downloaded a legit version of Eset Mobile Android from the Eset web site. CrowdStrike Falcon sandbox via dynamic analysis gave it a 100/100 malicious verdict: https://www.hybrid-analysis.com/sample/35b3de41dedd08b6bea252dcabf5f1424ecc5eb0452135e42b1d6652c7f6a251/66fda07835326df3b50e9396 . Same malicious behavior noted as for the above cracked version plus additional ones.

Are these CrowdStrike detections false positives? Probably, but who knows for sure ... Or, is the problem it's really difficult to impossible to detect real Android app malicious behavior?

itman - Posted Wednesday at 08:44 PM (edited Wednesday at 08:45 PM)

3 hours ago, hellosky11 said:
> I have shared the samples with Avast, Norton, Avira, Dr.Web, Kaspersky, and Bitdefender. Since there are more than 300 samples of tampered certificate Android apps, I have been informed that the detection will take time.

If these vendors want to "act like mad dogs chasing their tail," that's their prerogative. My best guess is for a number of these samples, they will be detected as a crack PUA at most.

Note that some security solutions make it a point to detect cracked software; MalwareBytes is foremost in this regard.

hellosky11 - Posted Thursday at 06:47 AM

Does that mean that ESET will not detect the cracked version of its own software? When it can detect the keygens that I sent for their Windows-based products, then why not for their Android-based product?

itman - Posted Thursday at 02:03 PM (edited 1 hour ago)

On 10/3/2024 at 2:47 AM, hellosky11 said:
> Does that mean that ESET will not detect the cracked version of its own software? When it can detect the keygens that I sent for their Windows-based products, then why not for their Android-based product?

The problem is the basic version of Eset Mobile is a free product. Appears some have found a way to activate the Premium version features without altering the basic version core code structure. I don't believe what is being done here is a license key crack.

Assumed is Eset is aware of this issue and will be modifying the free version of Eset Mobile so this is no longer possible.

Also of note is the Premium features are valid for 30 days in the free Mobile version. These cracked versions might be just the free version.