Follow

It you have a google account please help with reporting this as harmful and impersonating.

*DO NOT INSTALL* (except if you are a malware researcher 😉)

Fake F-Droid app, please report:
play.google.com/store/apps/det

@enjey
Te metes en la app de Play store y le das a los tres puntos de arriba a la derecha - marcar como inadecuado - suplantación de identidad.
@fdroidorg

@fdroidorg you can request its removal, no? the support page for flagging apps says you can request apps for removal if infringes copyrighted or trademarked property

@fdroidorg @kuketzblog

The fake app contains Google and FB ads and TrebleShot engine (to transmit/thieve data?).

f-droid.org/packages/com.genon

Developer of the fake app possibly is related to TrebleShot from f-droid, because there are hard coded links inside to Github and Telegram groups:

t.me/trebleshot
t.me/trebleshotBroadcast

@fdroidorg I thought they would ban alternate app stores by default :blobcatthink:

@isi Yes, that's the policy. But a) we don;t know if that app is actually a working appstore (it probably isn't) and b) it's not as if google has a good track record with scanning apps for malware/policy violations.

@fdroidorg yep, as soon as you remove free tusky from your repo

@kyzh @fdroidorg you realise this malware hurts people, not just fdroid's image

murder 

@snailerotica that gab user killed 11 people, so yeah enabling free tusky is not just enabling any app @fdroidorg

re: murder 

@kyzh @fdroidorg allowing queer folk to be duped into installing malware is a strange and pyrrhic form of activism

re: murder 

@snailerotica I am not too sure what your point is.

My point is that if they want to keep their community safe, the relashionship goes both ways.

This is not a competition to know what it worse both are bad.

@fdroidorg done, reported as a copyright, trademark & logo violation ; )

@fdroidorg seems like it was successfuly suspended, at least for now

@fdroidorg

Die angeforderte URL wurde auf diesem Server nicht gefunden.

;)

@fdroidorg
I took the time and tested it:
1) downloaded APK. apkcombo.com/en-rs/apk-downloa

2) then online APK sandbox analysis
hybrid-analysis.com/sample/d2b

3) At least one AV found it guilty, so check with VirusTotal
virustotal.com/gui/url/84e4f4b

And in deed it is, check community section for more info.
Anyway it is off the PlayStore now. 🙌☺😁

guys, we've nailed the fake app by reporting !

hi5 to all

@fdroidorg

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!