Don’t lose your privacy for Sarahah’s Anonymity

A new app called Sarahah, which allows people to receive anonymous feedback messages from friends and coworkers, has been quickly gaining popularity. Though it seems like a good concept, the app has already been criticized for silently uploading users’ contacts to its servers.

As a result of its quick growth, the ThreatLabZ team was certain the Sarahah app would be a top-of-mind target for attackers. We kept a close watch for any malicious indicators and came across a remote access Trojan (RAT) portraying itself as the app.

The Zscaler sandbox readily marked the fake Android app as malicious, as shown in the screenshot below:

Fig 1 - Zscaler Sandbox report

The payload is a RAT variant created using DroidJack, a RAT builder that has been in the wild for quite a while. A few months back, we posted a blog about a fake system update on Google Play that was using traces of DroidJack. We also wrote recently about fake Pokemon GO variants, prepared using DroidJack, that were making the rounds in the wild.

DroidJack is a sophisticated piece of software that allows users to build Android Trojans with the ability to perform many invasive tasks:

- Bind malicious code with any desired APK
- Delete/Add/Modify/Download/Upload files from a victim's device
- Spy on SMS Messages
- Record phone conversations
- Read/copy...