Is anyone writing an Android app that can compare these lists to current or past installed apps?

The app list is necessary and appreciated, but esp. when they get this long (UltimaSMS) getting friends and family to manually reconcile is a non-starter.

Thank you for all you do to identify these malicious apps!

Would be nice to be able to browse the fleeceware list on GitHub itself in plain text

There is no download option to download the csv file so we can save it to our PC and open it in Excel and sort.

Perhaps next time save the file(s) in Google drive instead in the form of a spreadsheet?

Thank you very much for coining the term "Fleeceware" and providing the lists for iOS and Android. This is a very important step to fight scam apps and hopefully Apple and Google will react appropriately to stop them. Did you or do you have plans to directly contact Apple and Google regarding this matter and the data?

Our developer team would like to contribute more apps to the lists. Do you have a thought about a process for contributing?

We see following options for contributing:
(a) Create a pull request on github
(b) Add the scam apps here an, directly in the issue
(c) Send you the identified apps as a list (to which email address?)

We would pefer variant (c) as this would give Avast the chance to check our data before it gets published.

Furthermore here are some suggestions for improving the lists:

• Add the link to the app on the App Store or Play Store
• Add the developer name and the link to the developer account on the App Store or Google Play.
• Sort the list by developers. There will probably be a lot of scam apps by one developer.
• Add the estimated download + revenue total from sensortower for each app. The ratio of revenue per download is very informative.
• Put the SensorTower estimated Download and Revenue Total at the top of the list, as they are very important numbers
• Add the Worldwide Release Date from Sensortower for each app.

We are pretty sure that many other developers, for example @keleftheriou, would also like to contribute to the topic.

Thank you very much in advance.

The team of 2kit consulting
http://2kit.de

tiktok is virus

Dear dzzie,

You have mentioned the following in
"Binary Reuse of VB6 P-Code Functions" link https://decoded.avast.io/davidzimmer/reusing-vb6-p-code-functions/

The allocation at offset 0x18 is only required if we wish to use built in VB file operation commands or the MsgBox function.

Can you please show an vb6 source code example of how to implement this so that I can display MsgBox
in new thread in vb6 standard exe compiled to pcode.

I have a couple of questions:

Looking at the picture on your article "close-up of cluster of WiFi related functions" and your github command list. You listed CMD 0x69 as wifi power? Does that means in the firmware it actually sets more power to the wifi (maybe using a AT command to the esp)? And does that command have a parameter? I got a lot of people complaining, about kettles and coffee machines loosing connection and reseting them to access points. Would be nice to add a feature to have more power to the wifi using iBrew. I knew the command did something :-)

These commands did not show up when I run "ibrew sweep". But are in the firmware? CMD 0x0B and CMD 0x3F.
Since those both return StatusInvalid (0x69). Could I have a copy of the annotated (I can't image, the names where there before in the firmware, like pin_carafe_test) ida files? I can read and write assembler, but I have no experience in IDA. But I want to have a looksee for al the unknown things I encountered, mapping the protocol.

Can if I place a copy of your article, on the ibrew github page? So people can use it as further reference.

Tristan

I'm interested in incorporating your rule set into a new project, however, I noticed that you haven't specified a license for the published content. This implies that all copyright ownership remains with you, restricting the ability for others to use, share, or modify the rules without your consent.

Would you consider adopting the Detection Rule License (DRL) for the rules published in this repository?

https://github.com/SigmaHQ/Detection-Rule-License