A number of the fake feedback have numerous loves that might be connected to many other commands done by this spyware which can be capable of finding this text content and provides them a love:

Figure 6. Command “rate_words” which can be utilized to vote for fraudulent reviews

Commands and Parameters Decryption

Android/LeifAccess.A shops A hashtable map, in a SharedPreferences XML structure, in which the key may be the function title in addition to value may be the parameter employed by the commands. The real function names (plain text) and parameters are obfuscated, encrypted, salted and/or one-way hashed (md5 or sha-1) to avoid detection.

Figure 3. De-obfuscated selection of strings utilized as complete resource that is qualified associated with the view id access to execute fake reviews abusing accessibility solutions

Android/LeifAccess will try to install and install the prospective application because a person account only can compose reviews of apps which have formerly been set up. Continue reading