user profile

Raw Main
Raw Main
Member Since: 03-22-2017
6 Reviews
small-community-1
47.94.248.68
Malicious Android GMS Assistant/Helper

Security Issues :
—————-
- MDM tool including Remote Admin code (81.65% Dalvik reuse code - Teamviewer)
- DEX encrypted with Jiagu packer
- Aimed to Honor/Huawei devices running Android Nougat 7.0 (API Level 24) and higher
.
- Privacy riskware because of Jiagu's Qihoo default data collection = IMEI, IMSI, android_id, phone number, ICCID, DNS_IP, installed applications and version numbers, OS version, device model, WiFi MAC address, build version, kernel version, screen DPI, wifi_ssid, link speed, signal strength, IP address, etc.
.
.
Main Sources :
————–
http://www.lzplay.net
http://47.94.248.68/appstore/app-release.apk
http://39.106.117.54/appstore/app-release.apk

small-community-1
39.106.117.54
Malicious Android GMS Assistant/Helper

Security Issues :
—————-
- MDM tool including Remote Admin code (81.65% Dalvik reuse code - Teamviewer)
- DEX encrypted with Jiagu packer
- Aimed to Honor/Huawei devices running Android Nougat 7.0 (API Level 24) and higher
.
- Privacy riskware because of Jiagu's Qihoo default data collection = IMEI, IMSI, android_id, phone number, ICCID, DNS_IP, installed applications and version numbers, OS version, device model, WiFi MAC address, build version, kernel version, screen DPI, wifi_ssid, link speed, signal strength, IP address, etc.
.
.
Main Sources :
————–
http://www.lzplay.net
http://47.94.248.68/appstore/app-release.apk
http://39.106.117.54/appstore/app-release.apk

small-community-1
lzplay.net
Malicious Android GMS Assistant/Helper

Security Issues :
—————-
- MDM tool including Remote Admin code (81.65% Dalvik reuse code - Teamviewer)
- DEX encrypted with Jiagu packer
- Aimed to Honor/Huawei devices running Android Nougat 7.0 (API Level 24) and higher
.
- Privacy riskware because of Jiagu's Qihoo default data collection = IMEI, IMSI, android_id, phone number, ICCID, DNS_IP, installed applications and version numbers, OS version, device model, WiFi MAC address, build version, kernel version, screen DPI, wifi_ssid, link speed, signal strength, IP address, etc.
.
.
Main Sources :
————–
http://www.lzplay.net
http://47.94.248.68/appstore/app-release.apk
http://39.106.117.54/appstore/app-release.apk

small-community-1
stockisti.eu
Phishing + Escrow Scam Site

A. Company identification data mismatch = web page footers show VAT registration references related to the following company MultiNet Co Ltd - 26 Sant Elena Street, Mellieha, MLH 1012, MALTA - VAT No. MT15263903 - License No. 37/361.

However, terms/conditions & privacy agreements don't include such business infos, but even refer to a different and unspecified legal entity Stockisti - via Fedele CARETTI 7 - Varese (VA) - ITALY without any indication of full business name / VAT number (see for instance http://www.stockisti.eu/resi-e-recessi & http://www.stockisti.eu/contattaci ).

B. Website http://www.stockisti.eu pretends to be an online store but it fully lacks of HTTPS secure protocol support & it isn't GDPR compliant at all. Besides, there are no information about payment methods/terms.

C. Checking related page on Facebook https://www.facebook.com/www.stockisti.eu/ leads only to an Italian landline phone number 03321647227 without any business/corporate reference.

According to Google research such phone number has been used - sometimes together with Italian mobile phone number 3512978460 - for recent announcements on an online board (Subito.it) for buying and selling between individuals, where seller kept on declaring different city/location in Italy (Caserta, Varese, Verona). See :

https://webcache.googleusercontent.com/search?q=cache:nwn2xc5NoWEJ:https://www.subito.it/telefonia/huawei-p20-lite-dual-sim-nuovo-imballato-caserta-271728387.htm+&cd=6&hl=it&ct=clnk&gl=it

https://webcache.googleusercontent.com/search?q=cache:Dezt6r9BWG4J:https://www.subito.it/telefonia/honor-10-64gb-nuovo-imballato-garanzia-italia-verona-271124755.htm+&cd=1&hl=it&ct=clnk&gl=it

https://webcache.googleusercontent.com/search?q=cache:BMUkO7I2gbAJ:https://www.subito.it/telefonia/huawei-p20-lite-dual-sim-64-gb-garanzia-italia-varese-271320680.htm+&cd=4&;hl=it&ct=clnk&gl=it

D. There are no current UIBM/EUIPO/TMVIEW trademark records for STOCKISTI related to MultiNet Co Ltd or another Italian/European company = such textual/graphical trademark is owned by Malta company STK Europe LTD - VAT MT21399423, that licensed to Italian company Ellesse s.r.l. VAT IT13490711002 for e-commerce website www.stockisti.com until shutdown on July 2017 - following the intervention of the Italian finance guard and customs agency.

https://web.archive.org/web/20170602234926/https://www.stockisti.com/it/

small-community-1
ciaoshop.com
Compromised Site

Website has been hacked/compromised on April 14th 2017.

Webmaster hasn't fixed it yet & he isn't replying to any public or private issue report.