SHA1:
a762267d87bf1d33f0d94362629a476b581ae295
An unwanted application responsible for showing advertisements on Android mobile devices. It can be installed by Android.Spy.510 disguising as a program which supposedly assures a user`s anonymity.
Installed, the application starts to show advertisement only after a specific time period. To do that, as the installation is complete, it calculates the time of “incubation period” and saves it at SharedPreferences in the “Installer_Inc” variable.
Adware.AnonyPlayer.1.origin prompts the victim to allow the use of the Accessibility Service that will help him to monitor all system events.
After Adware.AnonyPlayer.1.origin identifies that a user launches this or that program, it checks if its packet name corresponds to the one of the applications in the following list:
- org.adw.launcher
- com.android.launcher
- com.android.systemui
- com.android.settings
- com.android.dialer
- com.huawei.android.launcher
- com.google.android.gm
- com.android.deskclock
- com.android.calendar
- com.android.contacts
- com.sec.android.app.camera
- com.lge.settings.easy
- com.android.providers.downloads.ui
- com.android.calculator2
- com.android.mms
- com.android.phone
- android
- com.lge.clock
- com.sec.android.app.launcher
- com.android.gallery
- com.android.camera
- com.google.android.apps.maps
- com.lge.launcher2
- com.apusapps.launcher
- com.lge.splitwindow
- com.sonyericsson.home
- com.android.incallui
- com.google.android.inputmethod.latin
- com.whatsapp
- com.android.packageinstaller
If the application is not in the list, Adware.AnonyPlayer.1.origin creates a special message using WebView, which is displayed on top of a user`s running program. This notification contains advertisement that is downloaded from the command and control server, located at http://39e377e52[removed].com.
If the application is found in the list, the advertisement function is not activated.