One very normal day, our Threat Intelligence team observed a Twitter user describing how first his Netflix account and then his bank account at one of the major banks got hacked. Two apps were involved in the malicious operation. The user first installed an app, ‘Clean your Phone’, from one of the third-party Android app stores. After installation, the phone worked fine for some time. Then one day, his phone froze for about 5 minutes while he was using the app, and when it unfroze, it prompted “One time offer: Install pro-add-on for free – Install?”, which then downloaded and installed another malicious app on the user’s phone.
We have found that the first app, Clean your Phone, is available on the BeVigil search engine. Your first task is to go through this app’s scan report and find hints by digging into the Assets (URLs, hostnames, IPs, etc.) that this app has hardcoded in its source code. The flag can be obtained by connecting a few dots in this app’s report.
Flag format: Once you get it, you will know it.
https://bevigil.com/report/com.robocleansoft.boostvscleanapp