Here is a translation of the notice made by Google Translate. 6/18 pic.twitter.com/ceCe7bvcGK
French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others. Not completely schizophrenic. Not related to USANetwork. DMs open.
As noticed by users on @HackerNews, this notice contains a QR code that allows you to download spyware. To this day the link is still active. 7/18
http://47.93.5.238:8081/APP/GA_AJ_JK/GA_AJ_JK_GXH.apk
By playing with the parameters of the URL, we can find 2 other applications. The links on the page can be translated: "Download Public Security Check", "Download Public Security Project". 8/18 http://47.93.5.238:8081/APP/
Thanks to VirusTotal I managed to get 6 different additional samples. I will analyse these applications in a next thread, this one is already super long. 9/18
The IP address 47.93.5.238 corresponds to http://bxaq.landaitap.com . Whois information shows that this domain has been registered with a landasoft address. 10/18 pic.twitter.com/1hh5t2Nezo
According to @Bloomberg, Shanghai Landasoft Data Technology Inc. designs and develops prepackaged software solutions for data management and analysis; human management; and criminal suspects trajectory and intelligence analysis. 11/18
https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=417407133 …
Moreover, did you notice the itap in the URL? iTAP is a "product" of Landasoft. Here is the video presentation available on their website. Take the time to watch the full video and then think about the implications. 12/18 pic.twitter.com/b9U91rAgm1
If you want to know more about iTAP and how it's used, you can check the case center. 13/18 http://www.landasoft.com/html/class/dsjfx/itapalzx/index.html …
By analyzing the APKs found previously, we can find the iTAP backend which is accessible only on mobile. 14/18 pic.twitter.com/7eCJVevT7n
Take the time to zoom in on the banners, to observe the number of logos. It's frightening... 15/18 pic.twitter.com/BLp2xBD7WA
From this site you can download 2 files called ITAP_x32 and ITAP_x64. These archives contain an exe file detected as Trojan.Win32.KillProc.eljgui by NANO-Antivirus. 16/18 https://www.virustotal.com/#/file/e9ab71b4a57a3f9011cbc5aaba846ab5361f09208810ead1360861c69e5071bb/detection …
This exe file will install a modified version of Chrome. If you are a reverse engineer specialized in this field, can you analyze this file? Your help will be super appreciated. 17/18 pic.twitter.com/HkTT0XyboC