S0525 Android/AdDisplay.Ashas
Android/AdDisplay.Ashas is a variant of adware that has been distributed through multiple apps in the Google Play Store.[1]
Item | Value |
---|---|
ID | S0525 |
Associated Names | |
Type | MALWARE |
Version | 1.0 |
Created | 29 October 2020 |
Last Modified | 29 October 2020 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
mobile | T1418 | Application Discovery | Android/AdDisplay.Ashas has checked how many apps are installed, and specifically whether Facebook or FB Messenger is installed.[1] |
mobile | T1402 | Broadcast Receivers | Android/AdDisplay.Ashas has registered to receive the BOOT_COMPLETED broadcast intent to activate on device startup.[1] |
mobile | T1475 | Deliver Malicious App via Authorized App Store | Android/AdDisplay.Ashas has been identified in 42 apps in the Google Play Store.[1] |
mobile | T1523 | Evade Analysis Environment | Android/AdDisplay.Ashas can check that the device IP is not in the range of known Google IP addresses before triggering the payload, and can delay payload deployment to avoid detection during testing and avoid association with unwanted ads.[1] |
mobile | T1472 | Generate Fraudulent Advertising Revenue | Android/AdDisplay.Ashas can generate revenue by automatically displaying ads.[1] |
mobile | T1444 | Masquerade as Legitimate Application | Android/AdDisplay.Ashas has mimicked Facebook and Google icons on the “Recent apps” screen to avoid discovery and has used the com.google.xxx package name to avoid detection.[1] |
mobile | T1406 | Obfuscated Files or Information | Android/AdDisplay.Ashas has hidden the C2 server address using base-64 encoding.[1] |
mobile | T1437 | Standard Application Layer Protocol | Android/AdDisplay.Ashas has communicated with the C2 server using HTTP.[1] |
mobile | T1508 | Suppress Application Icon | Android/AdDisplay.Ashas can hide its icon and create a shortcut based on the C2 server response.[1] |
mobile | T1426 | System Information Discovery | Android/AdDisplay.Ashas can collect information about the device, including device type, OS version, language, free storage space, battery status, root status, and whether developer mode is enabled.[1] |