Published at: https://www.bitsight.com/blog/fraudulent-android-advertising-sdk-installed-in-over-15-million-devices

Indicators of Compromise (IoCs)

APK Samples

018efa966cb098d6a7b54f8a37d4946d4f94d7c70059a048f83aa559e3512557
0425dbe56eb4aa6b7daeeb3b607de36655d7ef44d3e64e512309c34298309b38
075fc985f32f742c295b84ea577a4bb79a4a25e7d94a736b6716ec4e49b35a67
08de0cce96c82d6266a20093414775167841228db3c558ba5c0e4ccc716bb5da
0aacabf0dd4800d8042df4be0ee67bdda9f54f8be5f4d0adcc06234d473beceb
0ade600b99853b3ddf3457c63880bedf62aa6a9b89431b4687ee98228e2f108d
11b99ef40b073f9ade71f19d98f355fab646ab8e1604f0d0577f218e86f0ca6b
120655ee503f32a407c754634a50cd98b1b311f4da8c2c2d1ce0ea2744c9a0c8
13a2f3bd2d5f4e7d1e0b59dccac1f0a3a0286c633ae13366cba6596db19f90b6
165b632cb737202fcf8e84e92179da6a3a950a3fa24b5cc7969a0b4ae01edc0d
17b9bcac3dabd9942b8aaab5fa1fb49c4969e589be41b71ca3ca840dd03c514e
1aa09ba3e72c9567d502a0bbaa40ac1f4f2203cc392e9645a80cb508a1521602
1c3a8d8c4a6332c4db18585f0b550e5b3b57ecf3f993a31cf5ed4f7b206c6c0f
1ee300212bd97b04765ffc69b75c29ac77a30e93c1677378aebfa911e7ebb4dd
29e4c7e3f50eacb1a6117fa7bbe93bc546899d7b43d51a88811e69577a969f2f
2a3c257926d374bedb24b89604284ad8b7c13a7f9cb8379c1eb985acb4321214
2d803eb40a13446fec4bb39ae37d391a6906a859fec4759fe4e02b55f9611bef
35fafb9d4b7e163568b01422122767ac2045b1d1bca653dc804906d04fe3f75d
3885808e34ae323ff3842dc2514fd31f1a012a77522a629d33e8dc0ce5238276
388707f4ddfc7bf945c4ee8a3c0d28f2f0389f24a268172d9044b77008bebd8b
39a98dce6a9b4cfe742cea93b7e4206ed999b0f329cdcdc37d03479929573675
3dbc3eb9f62f4e8ff2af55cf1f0ff5e76be391d3191978fbd67fbbfaf68af9ce
3e1e89e1ae7fd81c4e719e371d1eb51ff8f0f91876dbe66ca5b3af0d55499d79
42be68427fff05d900134ae390685d8737e07920cc8b7a1ae7c416db7ce07b41
4358abde087034c01ec6930e633a996e4068160c5196e43872dd0f8b9bad36c4
44033019077c58a731bb4cbfd14db3cd9f90da3feb5a069c2fefbd1a8b6c9f81
4491bab950aa1dc54c977da0699a230b344f182fe441cbfe088b550eeb31dee2
452f8debd73e26c5a4859c8fc5aadb2537d3fd36fe3139facac97debd97f2287
4564a30bd1225db0e40c4494939b5da5fda41271faaea4e4ed7ac0e2a5372672
49747531c3f3b2561765692696540b5c7c5bc6b8c90fc87e9997e173f8c0a0d4
52d521fafd2d86ebded91cfd5528d2443fe7cc92f58588def9abc64a0250da66
5302ec3bbeb9242eb04a2d63c483dcfe13c02c11cd085fec9a5df06690f12841
55efb5f961fdae73b72436e4aa10d156794c7bd36077e52d4bad791c9961502a
5795abcd36516097a65447d4eb6a3fc0f6da97deb4973afe0e7466fb752c262e
59c2d31f681e571c849e2d027fb5548d6cabf4578c3800cf21699cf891df6a43
5dcf28ddcdcb2a9158d711d025ba929e91ffdc4ca89bbbca7e0f17ac5639e862
6018a1fc21a24f49f9cc70176093a30ba4f25f39fb95b9b4d2cd3aa22ab74717
60602e593d6cbf5090d8c0378a72a9e17e279d71d36265150c979ec3ef746511
60ee6a5ee1b4aa0433c9ea6c8f880a61acf6629662e4a6fece53dcef9019d4fb
659a22e1b6e4f928a3be40a76dbec56bfed8ca3bdb476b19aeb60580dbce57ed
65daa7ee19777f15203f6b4752287b165c30bacd56c0fd5cc2b642de3f82d1ac
6943ff2096ed641fe115c93765bb5a159b48ae90e90778734becb21298196835
6acafc5810576e9f533efd3466bcfcb6a77777407c7378f08e4569813ce893ca
6c1e44164d5193cf40c36096831f4a2c0c86b64d1012883d57d58d0cb4242f0a
702d06e630fa52d448ffe2eadd54a4292f281f7b59f3d5887fb940f9d13e26b8
71bb152008e3ff76f0c501df350411c3718be100840c53e55efcf17f9a66540c
777a1a2e9e4ceec69bed91442acde54d9d175686b1c67e2cff0abfe84b81b782
78ad020415f005f46ada8f5652edd8c619568c59bd3b93220683fe8f644fbbc1
7a74b45a869a6ac1c1cf460cd56cf976a8efebba704c41e74118d13a7b7d6aed
7d6b7f396a8b9fab347219b2595c2c852145f5714e44d571640b6371401f02dc
7f5bcb09e02752bf37e51d246b9cd2fc8577a512b508425d99579d532b098b1a
842e3c590d363ae100da8373f4415bc65e05dcca056132179e124237cff65b5a
86d814295b003e3267589bedcf8daa96736535f1675d6d262cbb34008171f11e
88f4b045699703a1553f27bed3056c5eb5f44e26230988d36cd28ec4516d491d
988cca04af95f0fc356e0490fd09237a84dc956e688553970f40c3efe3c06792
9a4154a51c1ee5d512859479cd47d43e620f7c5748418c84f9fff99e12ae5524
9de83e57414a1ef544a3274121e2ca346f27a151c64d0ada7c6f39d03d7bc954
9e5e9add2d75cef55afea99e406cda857734c1297af1695f17e96d251edfe004
a1a28199b9b133785608bda1521cab7d820d7990b6a00b1b7f8e738372acfdc9
a1b72e1863565475d6217f54a4cf839cbb09a5a200a6ea5641d8b8c672f13538
a1d8d83e658111b10bf0c42b51e9ed96a7343e569b3e5b426260655707b9e298
a20e55394659deabeac8fb7b0479d72aee98ed225b53e9c79eceff7fe8df3d16
a7934acccdd83ecc6934b6845442ff8cfeab4b058a9e30a08e01dcb30e4aa5fb
a82892abf160912558de5224fb1b8dabb57a4048c817aa569fd47c002a7c4148
ada9fb666a8575034a8d7f75978c10c5dcdc122e17adc8c3aed5d3aa52ca2b77
ae3b727610168d818596fce6d0fe7129c5dcd65f29bf3b2536f5486c7805b845
b1ce147d3e9596690445e9f0b5396775ef2f47c75f736bfe15dde8f7af000a04
b3b2eb50ff5a225677a8215ccaec9bdc47dc51ebfedca1ff161fea6a230b870b
b5a8303fc5da1b0d7d4f1e1d892d59ba44ada400a3bf75434bd477f637db76ee
b7e5e9bf16ebcd0503a13b68994b980b7dac59f7570cd6e61cf2a77d63437f26
b8b3b93e84ebbbdb00e0d0c863a93877923d94120cbe8b2a6c8ee7c3a685bd7b
b94ae12c7f780554d60d8dec6b2d0a2b37e12263fcd879d49d527f1f6ddb65a0
bbd829892cec82b5b5fcc8d13393180dec04500589bd9ef472402097d4feb8a5
becf1ead946f77e6967a263157c877028d72a5a048d52e71ec151c27d6a0eb99
bee77e5820894a5dedd0a8ae5601d410ae27d6fcf9994494a8f7236391ad1af0
c5a270e59ef2fc440c6e762700b02c2da38513a9237dfe504443eaa7479365f0
c64d950f5f6d87bef914c1999b61c3cab9ff920d4ebcc631dfb5743efc1b3468
cba38ff52ae9981ef419565da7fe0e5d973b037b736a184b840bf3e1ee016401
d08fb38e9a7386907167672a09c0049300969cbd15f027673c86513054be3e65
d234de3dd14f3a65551f3687c54915d0ab4532df7ea80e183e857fb7c3b08c09
d4511c528ca5a05e6272961aef65bfeb8160232eeea648b6612a47891fcf7d92
da27b8b19e949442ce2a05613e8a6e8faa7ad69a4308738278f272a5914dfbd4
dab2cbd6fc8c72d063e81f33d224e5b35ed540ef914cf1d69fa42ae8dd357c0e
dac71ddfd91b32fab93eff21aacf8dcfce46d258afa4be59540dbad142d70001
dd0462585eddd47d64e5cdf6262600a2debe87152b3498ea3cd88eec3db5384c
de52c9ffec5e7d0602e64f082ccd4aa8933a3612dc972c507f7474f011f71c53
e5d08e03e7cc4ff7ce80525f395bfc4b4f91505431cd4cc0e93adc2620c1e1a8
e66f49d1a92274532f6760da7c3c9183e57def2ecbeaf17b59ea48c86b051ed0
e6f139448e459c20486bc5a3dc068b08cc3a1869c86e0479cbaf0add751b1733
e82be8ed43ff78d6660496edd849b893d01f6c5612b1ddabbc6f438ed9bcaa30
e88a7f6412f1e19058e1c5386614d83b5b3f3f317b75ace27708f970f59f7827
ec29fb9401e3e2053a2ae44fc7f0de2a04dca021fc40f5a72ee1218f977b5f13
ec4e82aa1ba41faf0564effef1d97bd7151c9f055961b6af42784f1ddb35a98b
ed11125b43be996ae57d453b0ad6dc3d40fbea35c4e143725438850f89708c4b
f0980373331ba0d233c4d29d2ca1b11a1b6cf6091b24d50b2efbc278f2ed0e4f
f1b1c54ca3ea13a36f27f1bf829ac45df4716db03dd77b89efeca4db4fc4f58e

APK Package Names

apps.plugin.android.litos
coco.husky.shell
collage.photo.camera.patterns.pic.editor
com.ape.ufogames
com.baidu.androidstore
com.beauty.flash
com.cloud.w.demo9
com.coolook.backup
com.cranife.troubles
com.cta.igu.ovi
com.darshancomputing.Battery
com.darshancomputing.BatteryIndicatorPro
com.example.plugtest1
com.google.android.test.sim
com.google.share
com.google.shelltool
com.google.wallpapers
com.h5box.palermen
com.hasi.fakr
com.jwy.browser
com.myos.sugarcity
com.nemo.Vidmapm
com.nemo.vidmate
com.nemo.vidmatf
com.nemo.vidmatg
com.nemo.vidmath
com.nemo.vidmatl
com.petts.lantrn
com.plug.dex
com.px.cloudsdk
com.salvia.app.privacyprotector
com.sarclmcompution.battery
com.sc.success
com.sec.android.app.sbrowser.beta
com.test.arrkii
com.walk.away
com.work.network
com.xrom.intl.appcefter
com.xrom.intl.appcenter
com.zhuoyian.beauty.poker
com.zhuoyian.gemlegend
com.zhuoyianbeauty.beautyparkour
jp.co.cyber_z.openrecviewapp
mail.tools.android
shkwe.djkw.ddd

aiadcreative.com

icecyber.org
ak.icecyber.org
api.icecyber.org
download.icecyber.org
icon.icecyber.org
p.icecyber.org
portal.icecyber.org
realtime.icecyber.org
store.icecyber.org
store2.icecyber.org
subway.icecyber.org
uc.icecyber.org

bayctrk.com
ams.bayctrk.com
auto.bayctrk.com
bayctrk.com
d.baycyber.tech
j.bayctrk.com
sg.bayctrk.com
t.bayctrk.com
usa2.bayctrk.com

cyserv.top
api.cyserv.top
cyserv.top

appsflyer.tk
dk.appsflyer.tk
parnner.appsflyer.tk
portal.appsflyer.tk
sdk.appsflyer.tk

arrkiisdk.com
subway.arrkiisdk.com

cdn.arrkii.tech

click.aiadcreative.com

download.cdncyber.xyz

download.unitcdn.info

Indicators of Compromise (IoCs)#

APK Samples#

APK Package Names#

Related FQDNs#

Indicators of Compromise (IoCs)

APK Samples

APK Package Names

Related FQDNs