By playing with the parameters of the URL, we can find 2 other applications. The links on the page can be translated: "Download Public Security Check", "Download Public Security Project". 8/18 http://47.93.5.238:8081/APP/
Thanks to VirusTotal I managed to get 6 different additional samples. I will analyse these applications in a next thread, this one is already super long. 9/18
The IP address 47.93.5.238 corresponds to http://bxaq.landaitap.com . Whois information shows that this domain has been registered with a landasoft address. 10/18 pic.twitter.com/1hh5t2Nezo
According to @Bloomberg, Shanghai Landasoft Data Technology Inc. designs and develops prepackaged software solutions for data management and analysis; human management; and criminal suspects trajectory and intelligence analysis. 11/18 https://www.bloomberg.com/research/stocks/private/snapshot.asp?privcapId=417407133 …
Moreover, did you notice the itap in the URL? iTAP is a "product" of Landasoft. Here is the video presentation available on their website. Take the time to watch the full video and then think about the implications. 12/18 pic.twitter.com/b9U91rAgm1
If you want to know more about iTAP and how it's used, you can check the case center. 13/18 http://www.landasoft.com/html/class/dsjfx/itapalzx/index.html …
By analyzing the APKs found previously, we can find the iTAP backend which is accessible only on mobile. 14/18 pic.twitter.com/7eCJVevT7n
Take the time to zoom in on the banners, to observe the number of logos. It's frightening... 15/18 pic.twitter.com/BLp2xBD7WA
From this site you can download 2 files called ITAP_x32 and ITAP_x64. These archives contain an exe file detected as Trojan.Win32.KillProc.eljgui by NANO-Antivirus. 16/18 https://www.virustotal.com/#/file/e9ab71b4a57a3f9011cbc5aaba846ab5361f09208810ead1360861c69e5071bb/detection …
This exe file will install a modified version of Chrome. If you are a reverse engineer specialized in this field, can you analyze this file? Your help will be super appreciated. 17/18 pic.twitter.com/HkTT0XyboC
That's all! 18/18
Replying to @fs0c131y
Nico Retweeted Megha Rajagopalan
Nico added,
Megha Rajagopalan (@meghara): New: Researchers analyzed one of the surveillance apps China is forcing Uighurs to download at roadside checkpoints. They found it dispatches information about every multimedia file on your phone to a remote server https://www.buzzfeed.com/meghara/china-surveillance-app?utm_term=.mjWg8Y3ZL …