MD5 hash of APK file: f9e5fac6a4873f0d74ae37b246692a40

Figure 6 shows the website crafted by the attacker and hosted on which misinforms the user and lures them to download the APK file.

For the purpose of technical analysis we will look at the APK file with MD5 hash: 5e0ac8784dae349cfa840cbef5bd3dfb

Shortened URL: hxxps://tinycc/Register-Laptop

The latest theme used by this threat actor is related to “Free Lenovo laptop scheme by Indian Government”. The actual APK file is hosted on an attacker-controlled GitHub account.

During our research on this threat actor, we also identified several more GitHub accounts and the complete list is available in the Indicators of Compromise (IOC) section.

Figure 4 and Figure 5 show two more such GitHub accounts. This webpage misinforms the user that the TikTok application is available again in India and lures them to download it.

Shortened link: URL: GitHub download link:

In the original download request which we observed in Zscaler cloud, the user-agent string was: WhatsApp/2.21.4.22, which indicated to us that the link was clicked by the user in a WhatsApp message.

As an example, in one of the instances, the shortened URL redirected the user to the website: which looks as shown in Figure 3. The content of this site is crafted based on current events in India and used for social engineering. The graphical timeline below shows the different themes used by the threat actor over a period of time.

Figure 1: Timeline showing different themes used by threat actor

The attack infection chain begins with an SMS or a WhatsApp message where the user receives a shortened URL link which ultimately redirects to a website hosted on Weebly and controlled by the attacker. They leverage popular themes and current events in India and use them as a social engineering technique to lure the user to download their application. We observed a pattern in their tactics, techniques and procedures (TTPs).
Per our research, this threat actor has been active in-the-wild since as early as March 2020.
In this blog, we will describe the complete infection chain, and the timeline of this threat actor highlighting how they have changed the theme over a period of time to distribute the malicious Android apps.
Attackers are leveraging that theme to lure the users by misinforming them that TikTok is available in India again.

Another instance we observed recently involved the threat actor leveraging a “Free Lenovo Laptop” scheme by the Indian government. In 2020, the TikTok app was banned by the government of India. One of the Android apps masquerades as a TikTok App. We identified several GitHub accounts which are hosting malicious Android mobile apps (APK files) and web pages which are used actively in this campaign.
This threat actor leverages the latest events and news related to India as a social engineering theme in order to lure users to download and install these malicious Android apps. In March 2021, through Zscaler cloud we identified a few download requests for malicious Android applications which were hosted on sites crafted by the threat actor to social engineer users in India.
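
One way to hunt for the chain this post describes in web proxy logs, added here as an example that is not from the original report: it flags a client that loads a Weebly-hosted page and then, within ten minutes, requests an `.apk` from GitHub with a `WhatsApp/` user agent. The log layout, the sample hostnames, the ten-minute window and the function names are assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed host patterns for the two stages the report names
# (Weebly-hosted lure page, GitHub-hosted APK).
LURE_SUFFIXES = (".weebly.com",)
APK_HOSTS = ("github.com", "raw.githubusercontent.com")

# Constructed sample proxy log: time, client, URL, user agent.
# Hostnames and account names are placeholders, not indicators from the report.
SAMPLE_LOG = """\
2021-03-10T09:00:01 10.0.0.5 https://lure-page.weebly.com/ WhatsApp/2.21.4.22
2021-03-10T09:00:40 10.0.0.5 https://github.com/example-account/repo/raw/main/app.apk WhatsApp/2.21.4.22
2021-03-10T09:05:00 10.0.0.7 https://github.com/example-org/tool/releases/download/v1/tool.apk Mozilla/5.0
2021-03-10T10:00:00 10.0.0.9 https://shop.weebly.com/ Mozilla/5.0
2021-03-10T11:30:00 10.0.0.9 https://github.com/example-account/repo/raw/main/app.apk WhatsApp/2.21.4.22
"""

def parse(line):
    """Split one log line into (time, client, parsed URL, user agent)."""
    ts, client, url, agent = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), client, urlsplit(url), agent

def find_chains(log_text, window=timedelta(minutes=10)):
    """Return (client, lure_host, apk_url) for APK downloads that follow a lure page."""
    last_lure = {}  # client -> (time, host) of the most recent Weebly-hosted page
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, url, agent = parse(line)
        host = (url.hostname or "").lower()
        if host.endswith(LURE_SUFFIXES):
            last_lure[client] = (ts, host)
        elif host in APK_HOSTS and url.path.lower().endswith(".apk"):
            seen = last_lure.get(client)
            # The report's download request carried a WhatsApp user agent.
            from_whatsapp = agent.startswith("WhatsApp/")
            if seen and from_whatsapp and ts - seen[0] <= window:
                hits.append((client, seen[1], url.geturl()))
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print(hit)
```

An APK download with a browser user agent, or one that follows the lure page by more than the window, is not flagged, so the window should be tuned against real traffic.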