kopia lustrzana https://github.com/jonathandata1/pegasus_spyware
2.5 KiB
2.5 KiB
Pegasus Spyware Samples Decompiled & Recompiled
Author: Jonathan Scott @jonathandata1
CURRENT VERSION 3.5
About Jonathan Scott
My name is Jonathan Scott, and I'm an American Security Researcher. I am currently a computer science PhD student at North Central University. My research focus is mobile spyware. I have been a mobile security engineer for ~13 years.
I was recently assigned an LVE from LG that affects all LG mobile devices in the world. I discovered a backdoor in all LG Mobile Devices that allows the attacker to live inside your device undetected. This has been built into the MTK chipsets since the 1st LG Smart Mobile Device (Cellphones and Tablets).
LVE-SMP-210010
source: https://lgsecurity.lge.com/bulletins/mobile#updateDetails
Description:
Operating System: AndroidOS
Samples 1-5.1 are executable and functional. I am still working on cleaning up Sample #6, but most the XML data can be read.
Steps To Install & Research The Spyware Samples
- Enable ADB on your android
- Disable Android Protect
- adb install sample#.apk
- launch the apk, example
adb shell am start com.xxGameAssistant.pao/.SplashActivity
Update: Sample 5.1
This sample can be installed as a standalone apk, but you will need to uninstall sample 5.
adb uninstall com.network.android
Sample 5.1 is also called com.network.android
Samples Included
| Sample # | Hash |
|---|---|
| Sample 1 | d257cfde7599f4e20ee08a62053e6b3b936c87d373e6805f0e0c65f1d39ec320 |
| Sample 2 | cc9517aafb58279091ac17533293edc1 |
| Sample 3 | bd8cda80aaee3e4a17e9967a1c062ac5c8e4aefd7eaa3362f54044c2c94db52a |
| Sample 4 | 144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e |
| Sample 5 | 7c3ad8fec33465fed6563bbfabb5b13d |
| Sample 5.1 | 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86 |
| Sample 6 | 530b4f4d139f3ef987d661b2a9f74f5f |
Acknowledgements
@vxunderground for providing the samples
@recordedfuture for validation
