13.07.2015 Views

2-Extended Analysis-Full



Communities @ Risk (p. 39)

EXTENDED ANALYSIS: 2.2 Cluster Analysis

original email from the compromised account, and over the course of a few weeks developed malicious versions of the attached APKs. The use of private information in this attack gives it a social engineering score of 5. The technical score of the malware is 1.25 (see the section below for details on the malware’s functionality). The total TTI is 6.25.

MALWARE ANALYSIS

The functionality and certificates used for the malicious versions of the KakaoTalk and TuneIn APKs are identical. Both applications were repackaged into modified APKs and signed with an illegitimate certificate (KakaoTalk malware MD5 cbc474e34f26b4afd02932d8cae9e401; TuneIn malware MD5 ba760392f171e2f05d0352cc1e00190c). Below, we reproduce the original and fake certificates used for KakaoTalk. Notice that fields in the illegitimate certificate have been populated with what appears to be an assortment of nonsensical characters from a QWERTY keyboard:

Original legitimate certificate:

Illegitimate certificate:
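A repackaged APK of the kind described above cannot carry the publisher's signing certificate, so comparing the signer's certificate digest with a pinned known-good value exposes it regardless of the file's MD5. The following is an added example, not part of the original report: it assumes the text output of `apksigner verify --print-certs`, and the function names, digests and distinguished names are constructed for illustration.

```python
import hashlib
import re

# Matches the DN and SHA-256 lines printed by `apksigner verify --print-certs`.
_SIGNER_LINE = re.compile(
    r"^Signer #(\d+) certificate (DN|SHA-256 digest): (.*)$", re.MULTILINE)

def parse_signers(apksigner_output):
    """Return {signer_number: {"dn": str, "sha256": str}} from apksigner text."""
    signers = {}
    for number, field, value in _SIGNER_LINE.findall(apksigner_output):
        entry = signers.setdefault(int(number), {})
        if field == "DN":
            entry["dn"] = value.strip()
        else:
            entry["sha256"] = value.strip().lower()
    return signers

def check_apk(apksigner_output, pinned_sha256):
    """Compare every signer certificate digest with the publisher's pinned digest."""
    signers = parse_signers(apksigner_output)
    if not signers:
        return ("unparsed", [])  # no signer lines: treat the APK as untrusted
    foreign = [s.get("dn", "<no DN>") for _, s in sorted(signers.items())
               if s.get("sha256") != pinned_sha256.lower()]
    return ("mismatch", foreign) if foreign else ("match", [])

# Constructed sample data: these digests and DNs are invented for the example.
PINNED = hashlib.sha256(b"constructed publisher certificate").hexdigest()
ROGUE = hashlib.sha256(b"constructed repackager certificate").hexdigest()

SAMPLE_GENUINE = (
    "Signer #1 certificate DN: CN=Example Publisher, O=Example Corp\n"
    f"Signer #1 certificate SHA-256 digest: {PINNED}\n"
    "Signer #1 certificate SHA-1 digest: (omitted)\n")
SAMPLE_REPACKAGED = (
    "Signer #1 certificate DN: CN=qwe, OU=asd, O=zxc, L=rty, ST=fgh, C=vb\n"
    f"Signer #1 certificate SHA-256 digest: {ROGUE}\n")

if __name__ == "__main__":
    for name, text in (("genuine", SAMPLE_GENUINE), ("repackaged", SAMPLE_REPACKAGED)):
        print(name, check_apk(text, PINNED))
```

The pinned digest should come from a copy of the app obtained through a trusted channel; the DN is returned only for triage, since anyone can type arbitrary values into a self-signed certificate's fields.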
