RayVermilion

Trojan.Svpeng.rn found in Osmand~


Hello,

I am using Malwarebytes for Android version 3.2.1.2 with the malware-database 2018.03.27.01 and phishing-database 2018.03.27.03.
Atm I have the premium functions activated.

I downloaded and installed Osmand~ from f-droid https://f-droid.org/packages/net.osmand.plus/ version 2.9.3.

Right after the download Malwarebytes and Eset do not find anything suspicious.

After a few hours Malwarebytes shows a critical problem with Osmand~ which should contain the SvPeng trojan (attachment).

I downloaded the maps
- world overview
- Germany Baden-Württemberg
- Germany Bayern (just roads)
- Germany Hessen (just roads)
- Germany Nordrhein-Westfalen
- wikipedia Baden-Württemberg
- wikipedia Nordrhein-Westfalen

TTS is activated for German language.
I also use the addons for editing OSM and for the parking position.

It's the third time I can reproduce this warning.
The version 2.8.2 (on f-droid, below) has the same problem.

Eset did not find anything.
I uploaded the apk on virustotal, there were no threats.
https://www.virustotal.com/#/url/b5a1420d495543cd9f0e85e8e6781c5b434f690c81cb7d886edf38086fd4b093/detection

I would like to extract the base.apk which can be found at "data/app/net.osmand.plus-1/base.apk" (Screen 2),
but I have no root access on my device.

Either osmand~ is downloading a new base.apk within a few hours and installing it on the device without asking (which hopefully should not be possible),
or there is a false positive warning from Malwarebytes.

Best regards,
Ray

 

Screen1.jpg

Screen2.jpg

Edited by RayVermilion


Hi @RayVermilion,

You're right, something weird is going on here. The original version of OsmAnd from F-Droid is clean alright. It must be updating to a version that is being detected. Could you send me an Apps Report so I can look at the exact version that is being flagged?

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap the three lines icon in the upper right corner.

5. Tap Send to support.

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

Let me know when you submit so I can have a look,

Nathan
