Quick Heal Security Labs detected an Android Banking Trojan that targets more than 232 banking apps including those offered by Indian banks. The malware is known as Android.banker.A2f8a (Previously detected as Android.banker.A9480).
Like most other Android banking malware, this one is designed to steal login credentials, hijack SMS messages, upload contact lists and SMS messages to a malicious server, display an overlay screen (to capture details) on top of legitimate apps and carry out other such malicious activities.
Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores. This is not surprising given that Adobe Flash is one of the most widely distributed products on the Internet. Because of its popularity and global install base, it is often targeted by attackers.
Once installed, the malicious app asks the user to activate administrative rights. Even if the user denies the request or kills the process, the app keeps throwing continuous pop-ups until the user activates the admin privilege. Once this is done, the malicious app hides its icon soon after the user taps on it. In the background, the app carries out malicious tasks: it keeps checking the apps installed on the victim’s device and particularly looks for 232 apps (banking and some cryptocurrency apps).
If any one of the targeted apps is found on the infected device, the app shows a fake notification on behalf of the targeted banking app. If the user clicks on the notification, they are shown a fake login screen to steal the user’s confidential info like net banking login ID and password.
Indicator of compromise: the following app is installed on the device.
App Name: Flash Player
Package name: yqyJqWdtdf.UOaOrquyRDgLFgGueha
Size: 115 KB
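An added example, not part of the original article or of Quick Heal's tooling: a triage check that looks for the package name above in the output of `adb shell pm list packages -3 -i` (third-party packages with their installer) and also lists apps that were not installed by Google Play. The sample output, the trusted-installer set and the function names are constructed for illustration.

```python
import re

# Package name published on this page as the indicator of compromise.
IOC_PACKAGE = "yqyJqWdtdf.UOaOrquyRDgLFgGueha"
# Assumption: only Google Play counts as a trusted installer on this device.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -3 -i` output (not real device data).
SAMPLE_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:yqyJqWdtdf.UOaOrquyRDgLFgGueha  installer=null
package:org.example.sideloaded  installer=com.android.packageinstaller
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<inst>\S+))?\s*$")


def parse_packages(text):
    """Return {package: installer or None} from `pm list packages -i` output."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and adb noise
        inst = m.group("inst")
        found[m.group("pkg")] = None if inst in (None, "null") else inst
    return found


def triage(text):
    """Flag the published IoC and any third-party app not installed by a trusted store."""
    pkgs = parse_packages(text)
    # Package names are case-sensitive, so the IoC is matched exactly.
    ioc_present = IOC_PACKAGE in pkgs
    # Sideloaded apps deserve review even when they do not match the IoC.
    not_from_play = sorted(p for p, inst in pkgs.items()
                           if inst not in TRUSTED_INSTALLERS)
    return {"ioc_present": ioc_present, "not_from_play": not_from_play}


if __name__ == "__main__":
    print(triage(SAMPLE_OUTPUT))
```
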
Adobe Flash Player was discontinued after Android version 4.1, as it’s available in the mobile browser itself. There is no official Adobe Flash Player available on the Google Play Store. Adobe has also announced that it will stop updating and distributing Flash Player by the end of 2020 in all formats of browser.
Tips to stay safe
- Avoid downloading apps from third-party app stores or links provided in SMSs or emails.
- Always keep ‘Unknown Sources’ disabled. Enabling this option allows installation of apps from unknown sources.
- Most importantly, verify app permissions before installing any app even from official stores such as Google Play.
- Install a reliable mobile security app that can detect and block fake and malicious apps before they can infect your device.
- Always keep your device OS and mobile security app up-to-date.
Alcatel Pixi4 (7) WIFI 8063
1. Download SP Flash tool (to extract you will need this software), and download patched-boot from this link https://mega.nz/#F!SxYEhRiJ!U7YWFjDOKTt4jP0mbyyTqQ
2. After extracting, open Flash tool by clicking “Flash tool.exe”.
3. After Flash tool opens, there is a tab called Download. Click the “Download” tab.
4. Now click the button called “Scatter-Loading”, locate the scatter file “MT8127_Android_scatter.txt” in the patched-boot folder and select it.
5. In the Bootimg row, select the boot image “patched_boot.img” located in the patched-boot folder.
6. Then click the Download button. Now restart the tab; it will automatically download and flash the boot image to the tab.
Once the tab boots, install Magisk Manager and try installing any app that needs root. Magisk modules can also be installed.
The above patch is for Magisk version 14, Magisk Manager 5: https://mega.nz/#!qgI0BSJL!el0_FjW5n4eFhPRu17SZAKcwxVwM8NdrmZMBTP51qH8
To remove the offline demo mode in the notification
1. Enable USB Debugging mode on the tab.
2. Download APD_offline_ME70C.zip and follow the steps mentioned in contentupdateSOP0624.pdf. Once you have gone through all the steps mentioned, the tab will start playing the demo. (Note: it will take around 4-5 minutes to update; you can check progress in the notification bar.)
3. Now deactivate the demo mode. While the demo video is playing on screen, hold the Back key for more than 10 seconds, until it shows a page to key in the password 741603.
The tab will automatically reboot, wipe all user data and deactivate demo mode.
Wait until the factory reset completes. Once everything is finished, the tab will boot up with the welcome screen.
In this process the tab will be factory reset, so back up your data first.
I found these APD files and conten.pdf on the ASUS website.
Asus Memo Pad(Me70c)K01A
- Go to Settings > Developer Options and enable USB Debugging.
- Go to Wi-Fi and forget the network (if the tab had connected to an access point).
- Disable Wi-Fi and put the tab in Airplane mode.
- Download and install RootZenFone-1.4.6r.apk
- Then run the app. At the bottom, press the button “ok I know, please root!”. A warning will pop up; just press “OK”. It may take around 2-3 minutes to finish; meanwhile a message will show that demo mode is active.
- Check the notification bar; it should show that the update has finished.
- Power off the tab, boot to the bootloader and then select recovery.
- The tab will restart into recovery, automatically run a system update, give an error and reboot.
SuperSU should now be installed in the app list. Then just update the SuperSU app from the Play Store.
3.10.20 android@Gemini #1 Tue Nov 11 14:34:52 CST 2014
KVT49L.WW_MeMO_Pad-22.214.171.124-20141111 release-keys 044000281_201406160030
Credit: shakalaca
To Create a System Image Backup
Connect the external HDD and check its drive letter (in this case it’s “E:”). Also make sure that the backup drive has more free space than the space used on your C: drive.
Right-click the Start menu and select Windows PowerShell (Admin). Click Yes at the User Account Control prompt if it appears.
In PowerShell, enter the following command:
wbAdmin start backup -backupTarget:E: -include:C: -allCritical -quiet
Note: The above command tells Windows to back up the C: drive onto the E: drive, including all critical volumes containing the system’s state. The -quiet switch tells the command to run without prompting you.
To Restore from that System Image Backup
To restore a system image backup, you’ll need to boot from Windows 8.1 installation media, or system repair disc. Insert the Windows 8.1 installation media or system repair disc and reboot your computer.
Press Enter if you see “Press any key to boot from CD/DVD”
In the Windows Setup window, click the Repair your computer link on the bottom left.
Click the Troubleshoot icon from the Choose an option Window.
Click the Advanced Options icon in the troubleshooting Window.
In the Advanced Options window, click the System Image Recovery icon.
Choose the target operating system, which would be Windows 8.1.
Windows 8.1 will scan your computer to detect any recent images created.
Because we booted from the disc, the drive letter might change, but not the drive name or the date and time.
So click Next in the Re-image your computer window.
Check-mark Format and repartition disks. Click Next.
Confirm the re-imaging process by clicking Finish, and click Yes on the warning saying that the drive will be re-imaged from the backup you created.
Once you restart, your computer should boot exactly the same as when you created the image backup.
Install ADB with SDK
Make sure that the required drivers for your Android device are properly installed on your PC. If you’re not sure, download and install the latest versions from your device manufacturer’s website. Below are the links to download software of various manufacturers. Choose yours and install the required software.
Download and install the Android SDK (Software Development Kit) Starter package from http://developer.android.com/sdk/index.html.
You will get an “android-sdk_rXX-windows.zip” file, which you can extract to any place on your PC; the adb program will work from there. For ease with commands, extract it to C:\
For adb to work with the SDK Starter package, we have to add the Platform Tools part to the SDK. Below are the steps:
Open the root directory of the SDK (e.g. “c:\android-sdk-windows”, if that is where you installed or extracted it).
Find “SDK Manager” and double-click on it to execute.
It will check for updates on the Android website, and a pop-up window will appear showing a list of available downloads. Just add the “Android SDK Platform Tools” and reject everything else.
On your Android device go to Settings->Applications->Development and make sure that “USB Debugging” is ticked. It’s essential for ADB to work!
Now plug your phone into your PC (using the original cable supplied by your manufacturer is recommended when working with ADB). If a window pops up saying “installing drivers”, wait for it to complete the installation.
Open Command Prompt from the menus, or open Run and type cmd to start Command Prompt, and navigate to “c:\
Now enter the following command:
C:\> adb devices
This should display something like the following:
List of devices attached
If you can see your device in the list then congratulations! You’ve done well. You are now good to start using adb. Enjoy!
If it’s NOT appearing in the list make sure that drivers are properly installed and you’ve enabled “USB Debugging”
Toshiba Excite AT300SE Root
Rooting is done with the help of the motochopper app by Dan Rosenberg, from XDA.
Do it at your own risk.
Download the Android ADB driver from the Toshiba site (Android WinUsb Driver).
Extract the zip file to C:\ (after extraction there will be a folder C:\usb_driver), then put the tab into USB Debugging mode and connect it to the PC or laptop.
Open device manager in the computer. Right-click the device name and Select Update Driver Software. This will launch the Hardware Update Wizard.
Select Browse my computer for driver software.
Select Let me pick from a list of device drivers on my computer
Click Have Disk, click Browse and specify the folder of C:\usb_driver
Click ok in the wizard.
Click Install this driver software anyway
After installing the drivers successfully, download and extract the zip to the desktop. Then open the motochopper folder, click run.bat and follow the instructions.
If everything goes right, the SuperSU app will be installed on the tab. As soon as you click on it, it automatically updates the binary.
Connect the tab to the internet for later updates of SuperSU from the Google Play store.