DuFuBrowser[.]apk

General

Target

DuFuBrowser.apk
Size

111.5MB
MD5

c4323ce5c47ce94ee178f5da3fe33ad3
SHA1

2d592c71bf42b7b3ec051b8da1c1a63ad11a6374
SHA256

cb50ddcfc14917ecd03467735cc564a35ba31f5f82f94fbc92b89a770f2fda63
SHA512

773e2e14c971124dce8d0a06781e02ca55297634fb845d16140c97badcafdc6891a3c921dd4c8eb41f3809395c6e99aaa2a37cea2599c6b9fbd687f87b98406a
SSDEEP

1572864:HkJ7llHUQB0/W9Z8+L/bZVitoy6NMllJXKdCziLLBmbUaCYYWFqws4c02UP1zBrq:EHwN+LLQ2N6+dU4m/Y1d49PRN+8eLrf

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 8 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to record audio.	android.permission.RECORD_AUDIO
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS

Files

DuFuBrowser.apk
.apk android arch:arm64

com.mi.globalbrowser

com.android.browser.LauncherActivity

Activities

com.android.browser.LauncherActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.speech.action.VOICE_SEARCH_RESULTS
com.android.browser.browser_search
android.intent.action.WEB_SEARCH
android.intent.action.MEDIA_SEARCH
android.intent.action.SEARCH

com.android.browser.BrowserSettingsActivity

miui.intent.action.APP_SETTINGS
android.intent.action.MANAGE_NETWORK_USAGE
android.intent.action.SEARCH
com.android.browser.OPEN_SETTINGS

com.android.browser.BookmarkSearchActivity

android.intent.action.SEARCH

com.android.browser.readmode.ReadModeDispatchActivity

com.android.browser.READMODE

com.android.browser.notificationcard.CleanTrashActivity

com.android.browser.OPEN_CLEANTRASHACTIVITY

com.android.browser.MiSchemeDispatcherActivity

android.intent.action.VIEW

com.android.browser.webapps.WebAppDispatcherActivity

miui.browser.webapps.OPEN_APP
android.intent.action.VIEW

com.android.browser.NativeGameCenterActivity

miui.browser.game.ACTION_OPEN_GAME

com.android.browser.webapps.pwa.PWADispatcherActivity

miui.browser.webapps.pwa.ACTION_OPEN_PWA
android.intent.action.VIEW

com.android.browser.detail.ExternalYtbRecommendDetailActivity

com.mi.browser.detail.action.ytb

com.xiaomi.assemble.control.DistributeActivity

com.xiaomi.push.MESSAGER

com.facebook.CustomTabActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.xiaomi.mipush.sdk.NotificationClickedActivity

com.xiaomi.mipush.sdk.NotificationClickedActivity

com.android.fileexplorer.activity.SearchDetailActivity

com.mi.globalbrowser.action.SEARCH

com.android.fileexplorer.activity.FileCategoryActivity

com.mi.globalbrowser.action.FILE_CATEGORY

com.android.fileexplorer.activity.RecentAppsAndFoldersActivity

com.mi.globalbrowser.action.Apps

com.miui.office.OfficeMainActivity

miui.intent.action.VIEW_OFFICE

miui.browser.common_business.docviewer.ui.DocViewerActivity

android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW

com.xiaomi.passport.ui.internal.QuickLoginActivity

com.xiaomi.account.action.XIAOMI_ACCOUNT_QUICK_LOGIN

Permissions

android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_DOWNLOAD_MANAGER
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.GET_ACCOUNTS_PRIVILEGED
android.permission.AUTHENTICATE_ACCOUNTS
android.permission.USE_CREDENTIALS
android.permission.INTERNET
android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS
android.permission.SET_WALLPAPER
android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_SYNC_SETTINGS
android.permission.READ_SYNC_STATS
android.permission.WRITE_SECURE_SETTINGS
android.permission.WRITE_SYNC_SETTINGS
android.permission.WRITE_SETTINGS
android.permission.MANAGE_ACCOUNTS
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.GET_TASKS
android.permission.REORDER_TASKS
android.permission.STOP_APP_SWITCHES
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.miui.home.launcher.permission.UNINSTALL_SHORTCUT
com.mi.globalbrowser.permission.WRITE_PROVIDER
android.permission.VIBRATE
com.android.launcher.permission.READ_SETTINGS
com.android.launcher.permission.WRITE_SETTINGS
com.xiaomi.permission.CLOUD_MANAGER
com.xiaomi.permission.SYNC_TAG_DATA
miui.permission.USE_INTERNAL_GENERAL_API
android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
android.permission.INTERACT_ACROSS_USERS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECORD_AUDIO
android.permission.DEVICE_POWER
com.xiaomi.permission.MICLOUD
com.xiaomi.market.sdk.UPDATE
com.google.android.c2dm.permission.RECEIVE
android.permission.SET_PREFERRED_APPLICATIONS
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.FOREGROUND_SERVICE
com.practo.fabric.permission.START_ACTIVITY
com.miui.systemAdSolution.adSwitch.PROVIDER
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.xiaomi.permission.AUTH_SERVICE
android.permission.CAMERA
android.permission.QUERY_ALL_PACKAGES
com.anroid.settings.permission.PRIVACY_AUTHORIZATION_DIALOG
com.mi.globalbrowser.permission.MIPUSH_RECEIVE
android.permission.READ_CONTACTS
android.permission.READ_SEARCH_INDEXABLES
com.android.email.permission.READ_ATTACHMENT
android.permission.GET_ACCOUNTS
com.google.android.gms.permission.AD_ID
com.android.settings.permission.CLOUD_SETTINGS_PROVIDER
com.xiaomi.passport.permission.PASSPORT_UI_CONTROLLER_SERVICE
com.android.vending.BILLING

Receivers

com.android.browser.widget.ShortcurtsWidget

android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE

com.android.browser.widget.DeskTopWidget

android.appwidget.action.APPWIDGET_UPDATE
miui.appwidget.action.APPWIDGET_UPDATE

com.xiaomi.push.service.receivers.PingReceiver

com.xiaomi.push.PING_TIMER

com.android.browser.push.BrowserPushSDKReceiver

com.xiaomi.mipush.RECEIVE_MESSAGE
com.xiaomi.mipush.MESSAGE_ARRIVED
com.xiaomi.mipush.ERROR

com.android.browser.MiAccountsChangedReceiver

android.accounts.LOGIN_ACCOUNTS_PRE_CHANGED

com.xiaomi.push.service.receivers.NetworkStatusReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

Services

miui.browser.cloud.BrowserSyncService

android.content.SyncAdapter

com.android.browser.backup.BrowserBackupService

miui.action.CLOUD_BACKUP_SETTINGS
miui.action.CLOUD_RESTORE_SETTINGS

com.xiaomi.assemble.control.MiFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.xiaomi.passport.accountmanager.MiAuthenticatorService

com.xiaomi.accounts.AccountAuthenticator

Android Permissions

DuFuBrowser.apk

Permissions

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_DOWNLOAD_MANAGER

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_NETWORK_STATE

android.permission.GET_ACCOUNTS_PRIVILEGED

android.permission.AUTHENTICATE_ACCOUNTS

android.permission.USE_CREDENTIALS

android.permission.INTERNET

android.permission.SEND_DOWNLOAD_COMPLETED_INTENTS

android.permission.SET_WALLPAPER

android.permission.WAKE_LOCK

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_SYNC_SETTINGS

android.permission.READ_SYNC_STATS

android.permission.WRITE_SECURE_SETTINGS

android.permission.WRITE_SYNC_SETTINGS

android.permission.WRITE_SETTINGS

android.permission.MANAGE_ACCOUNTS

android.permission.READ_PRIVILEGED_PHONE_STATE

android.permission.GET_TASKS

android.permission.REORDER_TASKS

android.permission.STOP_APP_SWITCHES

com.android.browser.permission.READ_HISTORY_BOOKMARKS

com.android.browser.permission.WRITE_HISTORY_BOOKMARKS

com.android.launcher.permission.INSTALL_SHORTCUT

com.android.launcher.permission.UNINSTALL_SHORTCUT

com.miui.home.launcher.permission.UNINSTALL_SHORTCUT

com.mi.globalbrowser.permission.WRITE_PROVIDER

android.permission.VIBRATE

com.android.launcher.permission.READ_SETTINGS

com.android.launcher.permission.WRITE_SETTINGS

com.xiaomi.permission.CLOUD_MANAGER

com.xiaomi.permission.SYNC_TAG_DATA

miui.permission.USE_INTERNAL_GENERAL_API

android.permission.DOWNLOAD_WITHOUT_NOTIFICATION

android.permission.INTERACT_ACROSS_USERS

android.permission.SYSTEM_ALERT_WINDOW

android.permission.RECORD_AUDIO

android.permission.DEVICE_POWER

com.xiaomi.permission.MICLOUD

com.xiaomi.market.sdk.UPDATE

com.google.android.c2dm.permission.RECEIVE

android.permission.SET_PREFERRED_APPLICATIONS

android.permission.INTERACT_ACROSS_USERS_FULL

android.permission.REQUEST_INSTALL_PACKAGES

android.permission.FOREGROUND_SERVICE

com.practo.fabric.permission.START_ACTIVITY

Sharing

General

Malware Config

Signatures

Files

com.mi.globalbrowser

com.android.browser.LauncherActivity

Activities

com.android.browser.LauncherActivity

com.android.browser.BrowserSettingsActivity

com.android.browser.BookmarkSearchActivity

com.android.browser.readmode.ReadModeDispatchActivity

com.android.browser.notificationcard.CleanTrashActivity

com.android.browser.MiSchemeDispatcherActivity

com.android.browser.webapps.WebAppDispatcherActivity

com.android.browser.NativeGameCenterActivity

com.android.browser.webapps.pwa.PWADispatcherActivity

com.android.browser.detail.ExternalYtbRecommendDetailActivity

com.xiaomi.assemble.control.DistributeActivity

com.facebook.CustomTabActivity

com.xiaomi.mipush.sdk.NotificationClickedActivity

com.android.fileexplorer.activity.SearchDetailActivity

com.android.fileexplorer.activity.FileCategoryActivity

com.android.fileexplorer.activity.RecentAppsAndFoldersActivity

com.miui.office.OfficeMainActivity

miui.browser.common_business.docviewer.ui.DocViewerActivity

com.xiaomi.passport.ui.internal.QuickLoginActivity

Permissions

Receivers

com.android.browser.widget.ShortcurtsWidget

com.android.browser.widget.DeskTopWidget

com.xiaomi.push.service.receivers.PingReceiver

com.android.browser.push.BrowserPushSDKReceiver

com.android.browser.MiAccountsChangedReceiver

com.xiaomi.push.service.receivers.NetworkStatusReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

Services

miui.browser.cloud.BrowserSyncService

com.android.browser.backup.BrowserBackupService

com.xiaomi.assemble.control.MiFirebaseMessagingService

com.google.firebase.messaging.FirebaseMessagingService

com.xiaomi.passport.accountmanager.MiAuthenticatorService

Android Permissions

DuFuBrowser.apk