Trusted Design

Android trojan drops in, despite Google Bouncer

概要

We at ESET recently discovered an interesting stealth attack on Android users, an app that is a regular game but with one interesting addition: the application was bundled with another application with the name systemdata or resourcea and that’s certainly a bit fishy. Why would a regular game downloaded from the official Google Play store come with another application named systemdata? This particular application/game from Google Play Store is certainly not a system application, as the name seems intended to suggest. The packaged application is dropped silently onto the device but has to ask the user to actually install it. The app requesting the installation is passed off as a ‘Manage Settings’ app. After installation, the application runs in the background as service. ESET detects the games that install the Trojan as Android/TrojanDropper.Mapin and the Trojan itself as Android/Mapin.

Created: 2026-02-23

Indicators

類似Pulses

Porn clicker keeps infecting apps on Google Play (score: 0.62)
New Android "Ghost Push" Variants (score: 0.61)
Exaspy – Commodity Android Spyware Targeting High-level Executives (score: 0.59)
Trojan-Banker.AndroidOS.Faketoken follow-up (score: 0.57)
Spyware Disguises as Android Applications on Google Play (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 12.73

Matched TTPs:

T1560.003 - Archive via Custom Method
T1218.013 - Mavinject
T1588.001 - Malware
T1573 - Encrypted Channel
T1008 - Fallback Channels

MITREへのリンク →

Scattered Spider

Score: 7.13

Matched TTPs:

T1560.003 - Archive via Custom Method
T1022 - Data Encrypted

MITREへのリンク →

TA505

Score: 6.91

Matched TTPs:

T1560.003 - Archive via Custom Method
T1016.002 - Wi-Fi Discovery

MITREへのリンク →

Volt Typhoon

Score: 4.42

Matched TTPs:

T1560.003 - Archive via Custom Method
T1218.013 - Mavinject

MITREへのリンク →

APT3

Score: 3.29

Matched TTPs:

T1560.003 - Archive via Custom Method

MITREへのリンク →

FIN13

Score: 9.18

Matched TTPs:

T1560.003 - Archive via Custom Method
T1218.013 - Mavinject
T1588.001 - Malware
T1105 - Ingress Tool Transfer

MITREへのリンク →

TeamTNT

Score: 4.98

Matched TTPs:

T1218.013 - Mavinject
T1022 - Data Encrypted

MITREへのリンク →

BRONZE BUTLER

Score: 4.42

Matched TTPs:

T1218.013 - Mavinject
T1008 - Fallback Channels

MITREへのリンク →

FIN7

Score: 8.83

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware
T1573 - Encrypted Channel
T1105 - Ingress Tool Transfer

MITREへのリンク →

Patchwork

Score: 4.42

Matched TTPs:

T1218.013 - Mavinject
T1008 - Fallback Channels

MITREへのリンク →

Transparent Tribe

Score: 3.80

Matched TTPs:

T1218.013 - Mavinject
T1105 - Ingress Tool Transfer

MITREへのリンク →

BackdoorDiplomacy

Score: 3.23

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware

MITREへのリンク →

RedCurl

Score: 7.42

Matched TTPs:

T1218.013 - Mavinject
T1016.002 - Wi-Fi Discovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT28

Score: 7.94

Matched TTPs:

T1218.013 - Mavinject
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls

MITREへのリンク →

Naikon

Score: 3.23

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware

MITREへのリンク →

Aquatic Panda

Score: 3.23

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware

MITREへのリンク →

APT32

Score: 11.93

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware
T1174 - Password Filter DLL
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

Tropic Trooper

Score: 3.80

Matched TTPs:

T1218.013 - Mavinject
T1105 - Ingress Tool Transfer

MITREへのリンク →

Magic Hound

Score: 6.85

Matched TTPs:

T1218.013 - Mavinject
T1016.002 - Wi-Fi Discovery
T1588.001 - Malware

MITREへのリンク →

PROMETHIUM

Score: 3.23

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware

MITREへのリンク →

LuminousMoth

Score: 3.80

Matched TTPs:

T1218.013 - Mavinject
T1105 - Ingress Tool Transfer

MITREへのリンク →

OilRig

Score: 11.57

Matched TTPs:

T1218.013 - Mavinject
T1592.002 - Software
T1526 - Cloud Service Discovery
T1556 - Modify Authentication Process

MITREへのリンク →

Carbanak

Score: 3.23

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware

MITREへのリンク →

Lazarus Group

Score: 19.68

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware
T1174 - Password Filter DLL
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process
T1216 - System Script Proxy Execution

MITREへのリンク →

menuPass

Score: 4.42

Matched TTPs:

T1218.013 - Mavinject
T1174 - Password Filter DLL

MITREへのリンク →

Kimsuky

Score: 9.67

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware
T1526 - Cloud Service Discovery
T1008 - Fallback Channels

MITREへのリンク →

Fox Kitten

Score: 3.23

Matched TTPs:

T1218.013 - Mavinject
T1588.001 - Malware

MITREへのリンク →

Mustang Panda

Score: 13.83

Matched TTPs:

T1218.013 - Mavinject
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1556 - Modify Authentication Process

MITREへのリンク →

Sandworm Team

Score: 7.69

Matched TTPs:

T1218.013 - Mavinject
T1016.002 - Wi-Fi Discovery
T1573 - Encrypted Channel

MITREへのリンク →

Rocke

Score: 10.93

Matched TTPs:

T1218.013 - Mavinject
T1022 - Data Encrypted
T1105 - Ingress Tool Transfer
T1008 - Fallback Channels

MITREへのリンク →

Higaisa

Score: 6.63

Matched TTPs:

T1569.003 - Systemctl
T1588.001 - Malware

MITREへのリンク →

Wizard Spider

Score: 7.99

Matched TTPs:

T1588.001 - Malware
T1526 - Cloud Service Discovery
T1556 - Modify Authentication Process

MITREへのリンク →

FIN6

Score: 4.84

Matched TTPs:

T1588.001 - Malware
T1556 - Modify Authentication Process

MITREへのリンク →

Threat Group-3390

Score: 6.08

Matched TTPs:

T1573 - Encrypted Channel
T1526 - Cloud Service Discovery

MITREへのリンク →

Daggerfly

Score: 6.21

Matched TTPs:

T1573 - Encrypted Channel
T1174 - Password Filter DLL

MITREへのリンク →

APT38

Score: 6.91

Matched TTPs:

T1174 - Password Filter DLL
T1216 - System Script Proxy Execution

MITREへのリンク →

GALLIUM

Score: 3.29

Matched TTPs:

T1174 - Password Filter DLL

MITREへのリンク →

Contagious Interview

Score: 7.28

Matched TTPs:

T1059.006 - Python
T1556 - Modify Authentication Process

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1526 - Cloud Service Discovery

MITREへのリンク →

FIN8

Score: 5.90

Matched TTPs:

T1526 - Cloud Service Discovery
T1556 - Modify Authentication Process

MITREへのリンク →

HAFNIUM

Score: 6.80

Matched TTPs:

T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

APT37

Score: 3.62

Matched TTPs:

T1216 - System Script Proxy Execution

MITREへのリンク →

Medusa Group

Score: 3.62

Matched TTPs:

T1216 - System Script Proxy Execution

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.77

Matched TTPs:

T1556 - Modify Authentication Process
T1588.001 - Malware
T1174 - Password Filter DLL
T1216 - System Script Proxy Execution
T1105 - Ingress Tool Transfer
T1055.005 - Thread Local Storage
T1218.013 - Mavinject

MITREへのリンク →

APT41

Score: 0.56

Matched TTPs:

T1588.001 - Malware
T1008 - Fallback Channels
T1560.003 - Archive via Custom Method
T1218.013 - Mavinject
T1573 - Encrypted Channel

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る