Follow

It you have a google account please help with reporting this as harmful and impersonating.

*DO NOT INSTALL* (except if you are a malware researcher 😉)

Fake F-Droid app, please report:
play.google.com/store/apps/det

@enjey
Te metes en la app de Play store y le das a los tres puntos de arriba a la derecha - marcar como inadecuado - suplantación de identidad.
@fdroidorg

@edmonde @fdroidorg DONE!

I was at the website on my desktop and not on the play app.

@fdroidorg you can request its removal, no? the support page for flagging apps says you can request apps for removal if infringes copyrighted or trademarked property

@fdroidorg @kuketzblog

The fake app contains Google and FB ads and TrebleShot engine (to transmit/thieve data?).

f-droid.org/packages/com.genon

Developer of the fake app possibly is related to TrebleShot from f-droid, because there are hard coded links inside to Github and Telegram groups:

t.me/trebleshot
t.me/trebleshotBroadcast

@fdroidorg I thought they would ban alternate app stores by default :blobcatthink:

@isi Yes, that's the policy. But a) we don;t know if that app is actually a working appstore (it probably isn't) and b) it's not as if google has a good track record with scanning apps for malware/policy violations.

@fdroidorg yep, as soon as you remove free tusky from your repo

@kyzh @fdroidorg you realise this malware hurts people, not just fdroid's image

murder 

@snailerotica that gab user killed 11 people, so yeah enabling free tusky is not just enabling any app @fdroidorg

re: murder 

@kyzh @fdroidorg allowing queer folk to be duped into installing malware is a strange and pyrrhic form of activism

re: murder 

@snailerotica I am not too sure what your point is.

My point is that if they want to keep their community safe, the relashionship goes both ways.

This is not a competition to know what it worse both are bad.

@fdroidorg done, reported as a copyright, trademark & logo violation ; )

@fdroidorg

I'm wondering if that's what happened to me? I had F-Droid on the tablet and the thing became unresponsive and quirky. Removing it seemed to have helped. Should I do a cold factory boot or leave as is?

@retiredguru @fdroidorg google has a policy of not allowing other appstores, so if you got something claiming to be fdroid from google play it most certainly wasn't legit

@snailerotica @fdroidorg

Yeah, good point. Adding an app outside of PlayStore is a lot diff than a whole 'nother app store.

@fdroidorg

Another reason I find myself unwilling to do much 'serious' computing on my tablet or phone. Android (Google) can't be trusted to maintain security of your device. It truly is a digital marketing slave collar operating system. Thank you, Google. <\sarcasm infinitum>

@fdroidorg seems like it was successfuly suspended, at least for now

@fdroidorg

Die angeforderte URL wurde auf diesem Server nicht gefunden.

;)

@fdroidorg
I took the time and tested it:
1) downloaded APK. apkcombo.com/en-rs/apk-downloa

2) then online APK sandbox analysis
hybrid-analysis.com/sample/d2b

3) At least one AV found it guilty, so check with VirusTotal
virustotal.com/gui/url/84e4f4b

And in deed it is, check community section for more info.
Anyway it is off the PlayStore now. 🙌☺😁

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!