当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0198165

漏洞标题:针对钓鱼拦截马apk逆向分析(大量受害者)

相关厂商:cncert国家互联网应急中心

漏洞作者: 路人甲

提交时间:2016-04-19 18:30

修复时间:2016-06-06 15:40

公开时间:2016-06-06 15:40

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-19: 细节已通知厂商并且等待厂商处理中
2016-04-22: 厂商已经确认,细节仅向厂商公开
2016-05-02: 细节向核心白帽子及相关领域专家公开
2016-05-12: 细节向普通白帽子公开
2016-05-22: 细节向实习白帽子公开
2016-06-06: 细节向公众公开

简要描述:

最近电信诈骗,钓鱼是个热门,针对几个apk进行逆向分析。
大致类型分为三种,第一;邮箱接收 不加密 第二:邮箱接收 加密 第三:手机接收

详细说明:

111.png

222.png


定位到10086 (1)\Project\smali\com\phone\stop\db\a.smali

.method public h()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a60"
    const-string v2, "aa13178899187@**.**.**.**"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method
.method public h(Z)V
    .locals 2
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
    move-result-object v0
    const-string v1, "has_send_phone_info"
    invoke-interface {v0, v1, p1}, Landroid/content/SharedPreferences$Editor;->putBoolean(Ljava/lang/String;Z)Landroid/content/SharedPreferences$Editor;
    invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->commit()Z
    return-void
.end method
.method public i()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a70"
    const-string v2, "aa13178899187@**.**.**.**"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method
.method public i(Z)V
    .locals 2
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
    move-result-object v0
    const-string v1, "has_send_contacts"
    invoke-interface {v0, v1, p1}, Landroid/content/SharedPreferences$Editor;->putBoolean(Ljava/lang/String;Z)Landroid/content/SharedPreferences$Editor;
    invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->commit()Z
    return-void
.end method
.method public j()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "a80"
    const-string v2, "123456qq"


几个apk都是在这个位置
有些加密的

.method public p()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "receive_email_account"
    const-string v2, "0670c32ce2e01835626259e19b7afc5142c4667d5d21f62b"
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getString(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    return-object v0
.end method
.method public q()Z
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "has_set_receive_email_account"
    const/4 v2, 0x0
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences;->getBoolean(Ljava/lang/String;Z)Z
    move-result v0
    return v0
.end method
.method public r()Ljava/lang/String;
    .locals 3
    iget-object v0, p0, Lcom/phone/stop/db/a;->b:Landroid/content/SharedPreferences;
    const-string v1, "send_email_pwd"
    const-string v2, "079a82dbbb2bafefd0c3804faf7f793c"


获得进行登陆

333.png

444.png


漏洞证明:

aa13178899187@**.**.**.** 123456qq
asdoiqpjvb@**.**.**.** qwe1314poi890bn

修复方案:

剧归属地查询以及受害群体,
广州有伪基站

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2016-04-22 15:36

厂商回复:

CNVD未直接复现所述情况,暂未建立与网站管理单位的直接处置渠道,待认领。

最新状态:

暂无