Parul Institute of Engineering and Technology
Course: COMPUTER S NETWORKS
Subject: Information Systems
Date: Jan 9, 2025
Uploaded by MegaTreeIbex33
APK ANALYSIS (PM-KISAN-REJISTATION.apk)

Executive Summary:
This report covers the examination of an Android malware application posing as the PM Kisan Yojana app, which multiple security vendors have flagged as malicious. Observations related to this app:
1. The malicious app lures victims under the pretext of registering/applying for the PM Kisan Yojana and banking services.
2. The application is built to capture citizens' confidential financial data through a fake Axis Bank net-banking portal embedded in the APK.
3. The application uses 000webhostapp (a free website hosting service) to host the phishing website found in the application.

Information found in APK analysis:
Mobile/Phone No.: +916202040311
Address: Bihar, India
E-mail/Gmail: princedss7281@gmail.com
API: https://sophistical3-debts.000webhostapp.com/add.php
Website: https://sophistical3-debts.000webhostapp.com/
Website hosting server: 000webhostapp
Analysis:
Application interface / Application workflow
Domain: https://sophistical3-debts.000webhostapp.com/add.php
Nature of application: Impersonating the Axis Bank NetBanking portal
Name of the application: PM KISHAN REJISTATION.apk
Package name: com.com.com.jdskjhd.texiaxisrahulbhainphthtyyynpiiinplloooqqqq
Main activity: com.com.com.jdskjhd.texiaxisrahulbhai.MainActivity
SHA-256: 20f02f938322a87edd2042ccdd9b87e1839db92a2a4b9d02fc159a7fd0973bef
VirusTotal link of APK: https://www.virustotal.com/gui/file/20f02f938322a87edd2042ccdd9b87e1839db92a2a4b9d02fc159a7fd0973bef
Network connections with server: https://sophistical3-debts.000webhostapp.com/
Whois lookup on domain: 000webhostapp.com
Suspicious Android permissions:
Phone number extracted from source code: 6202040311
SDR report:
TrueCaller information:
Name: Apna Time Aayega Komal
Address: Bihar, India
Gmail: princedss7281@gmail.com

Methodology:
The attacker's own phone number is hard-coded in the application's source code. Once installed, the app forwards incoming SMS messages, including OTPs, to that number. Victims are deceived through a fake net-banking interface that collects sensitive information such as phone numbers, bank details (card number, CVV, expiry date), MPIN and login credentials, which the app submits to the attacker's web database (the add.php endpoint hosted on 000webhostapp). The malicious APK keeps running in the background: it has power-saver restrictions disabled for itself and enables auto-start, so it persists across reboots. Disguised as Google Play Services, it is difficult for users to notice.
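As an added example (not part of the original report or its tooling), the following Python script applies the methodology above to a decoded APK: it parses the manifest for the SMS and persistence permissions, checks for an SMS_RECEIVED receiver and a misleading application label, and pulls hard-coded URLs and phone numbers out of the decompiled code. The manifest and code fragment embedded in it are constructed sample input that reuse the endpoint and forwarding number from the report; the permission list, receiver name and label are assumptions, and the manifest is assumed to have been decoded to plain XML first (for example with apktool).

```python
"""Static triage of a decoded APK for the indicators listed in the report.
Added example, not the report's own tooling. Assumes the APK was unpacked
with a decoder such as apktool, so AndroidManifest.xml is plain XML and
the code is available as text (smali or decompiled Java)."""
import json
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that together enable OTP interception, relaying, and
# survival across reboots and battery optimisation.
SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
PERSIST_PERMS = {
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest (assumption): package taken from the report's
# main-activity prefix; permissions, receiver and label are illustrative.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.com.com.jdskjhd.texiaxisrahulbhai">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="Google Play Services">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed decompiled-code fragment carrying the report's two IOCs:
# the collection endpoint and the hard-coded SMS forwarding number.
SAMPLE_CODE = """
public class SmsReceiver extends BroadcastReceiver {
    static final String API = "https://sophistical3-debts.000webhostapp.com/add.php";
    static final String DEST = "+916202040311";
    // onReceive() reads the SMS body and sends it to DEST (not shown)
}
"""

URL_RE = re.compile(r"https?://[\w.\-]+(?:/[\w.\-/]*)?")
# Coarse heuristic for Indian mobile numbers, optionally prefixed with +91.
PHONE_RE = re.compile(r"(?<!\d)\+?(?:91)?[6-9]\d{9}(?!\d)")


def manifest_permissions(manifest_xml):
    """Set of <uses-permission> names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}


def declares_sms_receiver(manifest_xml):
    """True if any intent-filter registers for SMS_RECEIVED (OTP interception)."""
    root = ET.fromstring(manifest_xml)
    return any(a.get(ANDROID_NS + "name") == SMS_RECEIVED_ACTION
               for a in root.iter("action"))


def extract_iocs(code_text):
    """Pull URLs and phone numbers out of decompiled code or smali strings."""
    return {
        "urls": sorted(set(URL_RE.findall(code_text))),
        "phones": sorted(set(PHONE_RE.findall(code_text))),
    }


def triage(manifest_xml, code_text):
    """Combine manifest and string findings into a short list of flags."""
    root = ET.fromstring(manifest_xml)
    perms = manifest_permissions(manifest_xml)
    app = root.find("application")
    label = (app.get(ANDROID_NS + "label") or "") if app is not None else ""
    iocs = extract_iocs(code_text)

    findings = []
    if SMS_PERMS <= perms and declares_sms_receiver(manifest_xml):
        findings.append("sms-interception")
    if PERSIST_PERMS & perms:
        findings.append("persistence")
    if "google play" in label.lower():
        findings.append("impersonates-google-play-services")
    if any("000webhostapp.com" in u for u in iocs["urls"]):
        findings.append("free-hosting-c2")
    if iocs["phones"]:
        findings.append("hardcoded-phone-number")
    return {"package": root.get("package"), "findings": findings, "iocs": iocs}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_MANIFEST, SAMPLE_CODE), indent=2))
```

On a real sample, point the script at the decoded AndroidManifest.xml and concatenate the smali or decompiled sources as the code text; the phone-number regex is deliberately narrow (Indian mobile format) and should be widened for samples targeting other regions.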