Trusted Design

Android trojan drops in, despite Google Bouncer

概要

We at ESET recently discovered an interesting stealth attack on Android users, an app that is a regular game but with one interesting addition: the application was bundled with another application with the name systemdata or resourcea and that’s certainly a bit fishy. Why would a regular game downloaded from the official Google Play store come with another application named systemdata? This particular application/game from Google Play Store is certainly not a system application, as the name seems intended to suggest. The packaged application is dropped silently onto the device but has to ask the user to actually install it. The app requesting the installation is passed off as a ‘Manage Settings’ app. After installation, the application runs in the background as service. ESET detects the games that install the Trojan as Android/TrojanDropper.Mapin and the Trojan itself as Android/Mapin.

Created: 2026-02-23

Indicators

類似Pulses

Porn clicker keeps infecting apps on Google Play (score: 0.62)
New Android "Ghost Push" Variants (score: 0.61)
Exaspy – Commodity Android Spyware Targeting High-level Executives (score: 0.59)
Trojan-Banker.AndroidOS.Faketoken follow-up (score: 0.57)
Spyware Disguises as Android Applications on Google Play (score: 0.56)

このPulseに関連する脅威アクター (事実ベース)

APT41

Score: 12.73

Matched TTPs:

T1069 - Permission Groups Discovery
T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service
T1195.002 - Compromise Software Supply Chain
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Scattered Spider

Score: 7.13

Matched TTPs:

T1069 - Permission Groups Discovery
T1543.002 - Systemd Service

MITREへのリンク →

TA505

Score: 6.91

Matched TTPs:

T1069 - Permission Groups Discovery
T1087.003 - Email Account

MITREへのリンク →

Volt Typhoon

Score: 4.42

Matched TTPs:

T1069 - Permission Groups Discovery
T1036.005 - Match Legitimate Resource Name or Location

MITREへのリンク →

APT3

Score: 3.29

Matched TTPs:

T1069 - Permission Groups Discovery

MITREへのリンク →

FIN13

Score: 9.18

Matched TTPs:

T1069 - Permission Groups Discovery
T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service
T1564.001 - Hidden Files and Directories

MITREへのリンク →

TeamTNT

Score: 4.98

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.002 - Systemd Service

MITREへのリンク →

BRONZE BUTLER

Score: 4.42

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1102.001 - Dead Drop Resolver

MITREへのリンク →

FIN7

Score: 8.83

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service
T1195.002 - Compromise Software Supply Chain
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Patchwork

Score: 4.42

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Transparent Tribe

Score: 3.80

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1564.001 - Hidden Files and Directories

MITREへのリンク →

BackdoorDiplomacy

Score: 3.23

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service

MITREへのリンク →

RedCurl

Score: 7.42

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1087.003 - Email Account
T1564.001 - Hidden Files and Directories

MITREへのリンク →

APT28

Score: 7.94

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token

MITREへのリンク →

Naikon

Score: 3.23

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Aquatic Panda

Score: 3.23

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service

MITREへのリンク →

APT32

Score: 11.93

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service
T1036.003 - Rename Legitimate Utilities
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Tropic Trooper

Score: 3.80

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1564.001 - Hidden Files and Directories

MITREへのリンク →

Magic Hound

Score: 6.85

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1087.003 - Email Account
T1036.004 - Masquerade Task or Service

MITREへのリンク →

PROMETHIUM

Score: 3.23

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service

MITREへのリンク →

LuminousMoth

Score: 3.80

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1564.001 - Hidden Files and Directories

MITREへのリンク →

OilRig

Score: 11.57

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1137.004 - Outlook Home Page
T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Carbanak

Score: 3.23

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Lazarus Group

Score: 19.68

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service
T1036.003 - Rename Legitimate Utilities
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1529 - System Shutdown/Reboot

MITREへのリンク →

menuPass

Score: 4.42

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

Kimsuky

Score: 9.67

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service
T1588.003 - Code Signing Certificates
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Fox Kitten

Score: 3.23

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Mustang Panda

Score: 13.83

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1588.003 - Code Signing Certificates
T1027.007 - Dynamic API Resolution
T1564.001 - Hidden Files and Directories
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Sandworm Team

Score: 7.69

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1087.003 - Email Account
T1195.002 - Compromise Software Supply Chain

MITREへのリンク →

Rocke

Score: 10.93

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1543.002 - Systemd Service
T1564.001 - Hidden Files and Directories
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Higaisa

Score: 6.63

Matched TTPs:

T1029 - Scheduled Transfer
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Wizard Spider

Score: 7.99

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

FIN6

Score: 4.84

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Threat Group-3390

Score: 6.08

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1588.003 - Code Signing Certificates

MITREへのリンク →

Daggerfly

Score: 6.21

Matched TTPs:

T1195.002 - Compromise Software Supply Chain
T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

APT38

Score: 6.91

Matched TTPs:

T1036.003 - Rename Legitimate Utilities
T1529 - System Shutdown/Reboot

MITREへのリンク →

GALLIUM

Score: 3.29

Matched TTPs:

T1036.003 - Rename Legitimate Utilities

MITREへのリンク →

Contagious Interview

Score: 7.28

Matched TTPs:

T1543.001 - Launch Agent
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

BlackTech

Score: 3.15

Matched TTPs:

T1588.003 - Code Signing Certificates

MITREへのリンク →

FIN8

Score: 5.90

Matched TTPs:

T1588.003 - Code Signing Certificates
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

HAFNIUM

Score: 6.80

Matched TTPs:

T1564.001 - Hidden Files and Directories
T1550.001 - Application Access Token

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1102.001 - Dead Drop Resolver

MITREへのリンク →

APT37

Score: 3.62

Matched TTPs:

T1529 - System Shutdown/Reboot

MITREへのリンク →

Medusa Group

Score: 3.62

Matched TTPs:

T1529 - System Shutdown/Reboot

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.77

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1036.004 - Masquerade Task or Service
T1036.003 - Rename Legitimate Utilities
T1564.001 - Hidden Files and Directories
T1529 - System Shutdown/Reboot
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT41

Score: 0.56

Matched TTPs:

T1036.005 - Match Legitimate Resource Name or Location
T1069 - Permission Groups Discovery
T1102.001 - Dead Drop Resolver
T1195.002 - Compromise Software Supply Chain
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る