Spotify v8[.]8[.]28[.]409 [AB Sherlock] (Merged)[.]apk

Resubmissions

20-05-2023 00:02

230520-abml1ahb45 9

19-05-2023 23:59

230519-31wv7abh4v 7

19-05-2023 23:53

230519-3xg8mabh2y 9

Sharing

Copy URL

Twitter E-mail

General

Target

Spotify v8.8.28.409 [AB Sherlock] (Merged).apk
Size

65.2MB
MD5

fc67ef16ad3a656d19ac1ccfde875b03
SHA1

b23ac3949ad56d5433f89468e7736bedf879a9ff
SHA256

569c354a3a5d4a577624039902953fd5161220bf5de58d222a939863a9ae9a3b
SHA512

68c824ba9b0783c75571a93d904b8edfbd9f2b5b0fb6ee97b7f2e962cdff2c5e6210e880483539ba05f0b1f9ef24760ae4bcd3f92c156bb222b822c0c080cc45
SSDEEP

1572864:XhUVLElwM+g6lG8CG12eVyfCwNVkyotS1sjHDT:XyVLElwMGlxyfCww5tSOTDT

Score

7^/10

Malware Config

Signatures

Requests dangerous framework permissions 11 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read audio files from external storage.	android.permission.READ_MEDIA_AUDIO
Allows an application to read image files from external storage.	android.permission.READ_MEDIA_IMAGES
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Required to be able to connect to paired Bluetooth devices.	android.permission.BLUETOOTH_CONNECT
Required to be able to discover and pair nearby Bluetooth devices.	android.permission.BLUETOOTH_SCAN
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows access to the list of accounts in the Accounts Service.	android.permission.GET_ACCOUNTS
Required to be able to advertise to nearby Bluetooth devices	android.permission.BLUETOOTH_ADVERTISE

Files

Spotify v8.8.28.409 [AB Sherlock] (Merged).apk
.apk android arch:arm64 arch:arm

com.spotify.music

com.spotify.music.MainActivity

Activities

com.spotify.music.MainActivity

android.intent.action.MAIN
android.intent.action.MAIN
android.intent.action.MUSIC_PLAYER
android.nfc.action.NDEF_DISCOVERED
android.intent.action.SEARCH
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.VIEW
android.intent.action.SEARCH
android.media.action.MEDIA_PLAY_FROM_SEARCH
android.media.action.MEDIA_PLAY_FROM_SEARCH
android.intent.action.APPLICATION_PREFERENCES
com.sonymobile.media.dashboard.ACTION_VIEW_MUSIC_TILE
android.intent.action.VIEW
android.intent.action.VIEW

com.spotify.partneraccountlinking.partneraccountlinking.PartnerAccountLinkingActivity

android.intent.action.VIEW

com.spotify.login.loginflowimpl.LoginActivity

com.spotify.mobile.android.service.action.session.LOGIN

com.spotify.appauthorization.sso.AuthorizationActivity

com.spotify.sso.action.START_AUTH_FLOW
com.spotify.sso.action.START_GOOGLE_AUTH_FLOW_V1
android.intent.action.VIEW

com.spotify.gpb.formofpaymentgpb.checkoutpage.GoogleCheckoutActivity

spotify.intent.action.GPB_CHECKOUT

com.spotify.gpb.formofpaymentgpb.checkoutpage.TranslucentGoogleCheckoutActivity

spotify.intent.action.GPB_CHECKOUT

com.spotify.allboarding.allboardingimpl.AllboardingActivity

spotify.intent.action.ALLBOARDING

com.spotify.appauthorization.externallogin.LoginRedirectActivity

com.spotify.music.ACTION_EXTERNAL_LOGIN

com.facebook.CustomTabActivity

android.intent.action.VIEW

Permissions

android.permission.READ_PHONE_STATE
android.permission.VIBRATE
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.BROADCAST_STICKY
android.permission.INTERNET
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.NFC
android.permission.FOREGROUND_SERVICE
android.permission.WAKE_LOCK
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_MEDIA_AUDIO
android.permission.READ_MEDIA_IMAGES
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.POST_NOTIFICATIONS
com.spotify.music.permission.C2D_MESSAGE
com.spotify.music.permission.INTERNAL_BROADCAST
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_CONNECT
android.permission.BLUETOOTH_SCAN
android.permission.RECORD_AUDIO
com.spotify.music.permission.SECURED_BROADCAST
android.permission.USE_CREDENTIALS
android.permission.GET_ACCOUNTS
com.sony.snei.np.android.account.provider.permission.DUID_READ_PROVIDER
com.android.launcher.permission.INSTALL_SHORTCUT
com.samsung.WATCH_APP_TYPE.Companion
android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK
android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE
com.google.android.gms.permission.AD_ID
com.samsung.android.rubin.context.permission.READ_CONTEXT_MANAGER
com.sec.android.app.clockpackage.permission.READ_ALARM
android.permission.BLUETOOTH_ADVERTISE
com.google.android.apps.meetings.permission.MEET_LIVE_SHARING
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.spotify.music.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
com.samsung.android.samsungaccount.permission.ACCOUNT_MANAGER
com.android.vending.BILLING

Receivers

com.spotify.interapp.service.service.BluetoothAclReceiver

android.bluetooth.device.action.ACL_CONNECTED
android.bluetooth.device.action.ACL_DISCONNECTED

com.spotify.interapp.service.service.InterAppStartServerReceiver

com.spotify.music.service.bluetooth.action.START_APP_PROTOCOL_SERVER

com.spotify.accessory.statemanagerimpl.bluetooth.connectionstate.BluetoothConnectionStateReceiver

android.bluetooth.a2dp.profile.action.CONNECTION_STATE_CHANGED

com.spotify.carmobile.wazesdk.navigation.WazeWakeUpReceiver

com.waze.sdk.audio.ACTION_INIT

com.spotify.widget.widget.SpotifyWidget

android.appwidget.action.APPWIDGET_UPDATE
com.spotify.mobile.android.ui.widget.PREVIOUS
com.spotify.mobile.android.ui.widget.PLAY
com.spotify.mobile.android.ui.widget.NEXT

com.spotify.mediasession.mediasession.receiver.MediaButtonReceiver

android.intent.action.MEDIA_BUTTON

com.spotify.music.alarmlauncher.SpotifyAlarmLauncherReceiver

com.spotify.music.ACTION_PREPARE

com.spotify.proactiveplatforms.recommendationswidget.RecommendationsWidgetProvider

android.appwidget.action.APPWIDGET_UPDATE
com.spotify.proactiveplatforms.recommendationswidget.ACTION_USER_LOGIN
com.spotify.proactiveplatforms.recommendationswidget.ACTION_USER_LOGOUT

com.spotify.carmobile.carnotifications.CarNotificationsAclReceiver

android.bluetooth.device.action.ACL_CONNECTED
android.bluetooth.device.action.ACL_DISCONNECTED

com.spotify.preload.notification.PreloadNotificationReceiver

android.intent.action.BOOT_COMPLETED
com.spotify.preload.notification.ALARM

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_ACCESS_TOKEN_CHANGED

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

com.facebook.sdk.ACTION_CURRENT_AUTHENTICATION_TOKEN_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

android.intent.action.BATTERY_OKAY
android.intent.action.BATTERY_LOW

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

android.intent.action.DEVICE_STORAGE_LOW
android.intent.action.DEVICE_STORAGE_OK

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

android.net.conn.CONNECTIVITY_CHANGE

androidx.work.impl.background.systemalarm.RescheduleReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.TIME_SET
android.intent.action.TIMEZONE_CHANGED

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.background.systemalarm.UpdateProxies

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.work.diagnostics.REQUEST_DIAGNOSTICS

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE

Services

com.spotify.music.libs.mediabrowserservice.SpotifyMediaBrowserService

android.media.browse.MediaBrowserService

com.spotify.interapp.service.service.AppProtocolRemoteService

com.spotify.mobile.appprotocol.action.START_APP_PROTOCOL_SERVICE

com.spotify.wear.wearabledatalayer.SpotifyWearableListenerService

com.google.android.gms.wearable.MESSAGE_RECEIVED
com.google.android.gms.wearable.REQUEST_RECEIVED

com.spotify.connect.mediarouteprovider.SpotifyMediaRouteProviderService

android.media.MediaRouteProviderService

com.spotify.notifications.notificationssdk.SpotifyFirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.spotify.music.alarmlauncher.SpotifyAlarmLauncherService

com.spotify.music.ACTION_PREPARE

com.spotify.superbird.controlothermedia.NotificationListener

android.service.notification.NotificationListenerService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

Android Permissions

Spotify v8.8.28.409 [AB Sherlock] (Merged).apk

Permissions

android.permission.READ_PHONE_STATE

android.permission.VIBRATE

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.BROADCAST_STICKY

android.permission.INTERNET

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.NFC

android.permission.FOREGROUND_SERVICE

android.permission.WAKE_LOCK

android.permission.READ_EXTERNAL_STORAGE

android.permission.READ_MEDIA_AUDIO

android.permission.READ_MEDIA_IMAGES

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.CHANGE_WIFI_MULTICAST_STATE

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.POST_NOTIFICATIONS

com.spotify.music.permission.C2D_MESSAGE

com.spotify.music.permission.INTERNAL_BROADCAST

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.BLUETOOTH_CONNECT

android.permission.BLUETOOTH_SCAN

android.permission.RECORD_AUDIO

com.spotify.music.permission.SECURED_BROADCAST

android.permission.USE_CREDENTIALS

android.permission.GET_ACCOUNTS

com.sony.snei.np.android.account.provider.permission.DUID_READ_PROVIDER

com.android.launcher.permission.INSTALL_SHORTCUT

com.samsung.WATCH_APP_TYPE.Companion

android.permission.FOREGROUND_SERVICE_MEDIA_PLAYBACK

android.permission.FOREGROUND_SERVICE_CONNECTED_DEVICE

com.google.android.gms.permission.AD_ID

com.samsung.android.rubin.context.permission.READ_CONTEXT_MANAGER

com.sec.android.app.clockpackage.permission.READ_ALARM

android.permission.BLUETOOTH_ADVERTISE

com.google.android.apps.meetings.permission.MEET_LIVE_SHARING

com.google.android.c2dm.permission.RECEIVE

com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

com.spotify.music.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

com.samsung.android.samsungaccount.permission.ACCOUNT_MANAGER

com.android.vending.BILLING

Resubmissions

Sharing

General

Malware Config

Signatures

Files

com.spotify.music

com.spotify.music.MainActivity

Activities

com.spotify.music.MainActivity

com.spotify.partneraccountlinking.partneraccountlinking.PartnerAccountLinkingActivity

com.spotify.login.loginflowimpl.LoginActivity

com.spotify.appauthorization.sso.AuthorizationActivity

com.spotify.gpb.formofpaymentgpb.checkoutpage.GoogleCheckoutActivity

com.spotify.gpb.formofpaymentgpb.checkoutpage.TranslucentGoogleCheckoutActivity

com.spotify.allboarding.allboardingimpl.AllboardingActivity

com.spotify.appauthorization.externallogin.LoginRedirectActivity

com.facebook.CustomTabActivity

Permissions

Receivers

com.spotify.interapp.service.service.BluetoothAclReceiver

com.spotify.interapp.service.service.InterAppStartServerReceiver

com.spotify.accessory.statemanagerimpl.bluetooth.connectionstate.BluetoothConnectionStateReceiver

com.spotify.carmobile.wazesdk.navigation.WazeWakeUpReceiver

com.spotify.widget.widget.SpotifyWidget

com.spotify.mediasession.mediasession.receiver.MediaButtonReceiver

com.spotify.music.alarmlauncher.SpotifyAlarmLauncherReceiver

com.spotify.proactiveplatforms.recommendationswidget.RecommendationsWidgetProvider

com.spotify.carmobile.carnotifications.CarNotificationsAclReceiver

com.spotify.preload.notification.PreloadNotificationReceiver

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.facebook.CurrentAccessTokenExpirationBroadcastReceiver

com.facebook.AuthenticationTokenManager$CurrentAuthenticationTokenChangedBroadcastReceiver

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy

androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy

androidx.work.impl.background.systemalarm.RescheduleReceiver

androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver

androidx.work.impl.diagnostics.DiagnosticsReceiver

androidx.profileinstaller.ProfileInstallReceiver

Services

com.spotify.music.libs.mediabrowserservice.SpotifyMediaBrowserService

com.spotify.interapp.service.service.AppProtocolRemoteService

com.spotify.wear.wearabledatalayer.SpotifyWearableListenerService

com.spotify.connect.mediarouteprovider.SpotifyMediaRouteProviderService

com.spotify.notifications.notificationssdk.SpotifyFirebaseMessagingService

com.spotify.music.alarmlauncher.SpotifyAlarmLauncherService

com.spotify.superbird.controlothermedia.NotificationListener

com.google.firebase.messaging.FirebaseMessagingService

Android Permissions

Spotify v8.8.28.409 [AB Sherlock] (Merged).apk