It looks like MaxSecure is the only vendor marking it as malware. It labels it as:
Trojan.Dropper.AndroidOS.Hqwar.bb
I've done a little digging; so far it's not obvious why it's marking it as malicious. The closest thing that I've found research-wise is a Kaspersky article written in 2017 about this type of Android Trojan, which said that it was commonly abused in banking apps using some packer/obfuscation techniques. But first of all, the source code for this utility is online. I've tried looking at sections of that to see why it might flag it as malware. I've also reviewed the sandbox analysis/behavior results in VT. I've also tried decompiling the APK and I don't see any obvious signs of a packer being used yet. I'm confused.
I wanted you to know since it's not obvious why their antivirus is marking it as malware, but they are.
There are native binaries in the assets directory (e.g. a locally bundled version of curl) but there are no APKs in there. As noted above, everything is built from source.
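The claim in the reply above (native binaries under assets, no nested APKs) can be checked by file content rather than by file name. This is an added example, not part of the original thread or the project's code; `scan_assets`, `is_apk` and the constructed sample archive are hypothetical, and it makes no claim about what MaxSecure's signature actually keys on.

```python
import io
import zipfile

MAGIC = (
    (b"\x7fELF", "elf"),      # native executable or shared object
    (b"PK\x03\x04", "zip"),   # ZIP container: APK, JAR or plain archive
    (b"dex\n", "dex"),        # Dalvik bytecode
)

def classify(head: bytes) -> str:
    """Identify a payload type from its leading bytes."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "other"

def is_apk(data: bytes) -> bool:
    """Assumption: a ZIP counts as an APK if it has a manifest or classes.dex."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            names = set(inner.namelist())
    except zipfile.BadZipFile:
        return False
    return "AndroidManifest.xml" in names or "classes.dex" in names

def scan_assets(apk) -> dict:
    """Map each assets/ entry to elf, dex, apk, zip or other, by content."""
    report = {}
    with zipfile.ZipFile(apk) as outer:
        for info in outer.infolist():
            if info.is_dir() or not info.filename.startswith("assets/"):
                continue
            data = outer.read(info)
            kind = classify(data[:4])
            if kind == "zip" and is_apk(data):
                kind = "apk"  # nested APK: the pattern a dropper check looks for
            report[info.filename] = kind
    return report

def build_sample() -> io.BytesIO:
    """Constructed sample: an APK-shaped ZIP with a fake ELF and a text asset."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("assets/bin/curl", b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8)
        z.writestr("assets/readme.txt", b"constructed sample")
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(scan_assets(build_sample()))
```

Pass the path of a real APK to `scan_assets` to get the same report; any entry reported as `apk` or `dex` under assets is what would merit a closer look.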