r/Malware

New GMKtec M7 Ultra appears to be infected. Beware of the malware!


I have a feeling that this is not good. Also, trojan.FakeGoogle was detected, and some others as well. This is about 1h after I unboxed it and tried to do Windows updates (terrible wifi as well, RZ616). Probably should return it to Amazon...

Edit: I get that I should do the USB reinstall of the OS. But it's a brand new machine for EUR 620 that others will buy who will never go on reddit or install anything to check for malware. It should be clean. I'd Linux it if I had the time (there will be other users of the basic media machine who might be confused so I want Win11).

And thank you all for the sound advice and being mostly polite. Have a great day! :D I'm returning it out of principle.

Edit 2:

I thought this was a friendly community. It is not. I'm sorry for posting and warning anyone else.

Thanks all, it really was (a few were nice, thank you) a terrible experience. I don't know how I hurt all of those who were so mean. Have a nice day.

u/2_I_Snake — 2 days ago

Can't access anything

I have accidentally downloaded a virus called "pc app store" and it won't disappear after closing. It also hides all other apps and won't let me click anything. I don't know how to fix this; I know very little about computers.

u/Chunder_Struck — 2 days ago

Malware learning

Hi guys, I am new to cyber security related stuff. I want to learn about malware analysis in both an offensive and a defensive way, so are there any free resources available so I can learn that?

u/Ok-Entertainment1587 — 4 days ago

NetMirror exposed - The Free Movie App That Was Robbing You Blind

Came across this really interesting analysis of a pirated Android movie streaming APK called NetMirror and honestly didn’t expect it to go this deep.

At first glance the app looked completely normal: clean UI, React Native based, movies streamed properly.

But the analysis found:

  • emulator/sandbox detection for Genymotion, Nox, BlueStacks, VirtualBox, etc.
  • Base64-encoded infrastructure domains hidden inside the Hermes JS bundle
  • staged permission handling for SMS and call log access
  • WebView credential interception hooks
  • native libraries containing the same tracking infrastructure references

The most interesting part was how it bypassed automated analysis.

Hybrid Analysis apparently marked it as “safe” because most of the suspicious logic wasn’t in the Java layer scanners usually inspect — it was hidden inside the React Native Hermes bundle and native libraries.

Pretty solid example of how modern Android malware is starting to exploit analysis blind spots in cross-platform frameworks.

Worth the read:
https://medium.com/@Espress0/the-free-movie-app-that-was-robbing-you-blind-eeefe9c5e65c

Greatly broken down and presented.

u/Alarmed-System6242 — 4 days ago

Brovan: Binary user-mode emulator for x86_64

After months of work, I’m excited to finally share Brovan, my user-mode binary emulator.

Brovan can emulate:

* PE binaries
* ELF binaries
* Memory dumps
* Even partially unknown or unrecognized binaries

The goal is to make binary analysis, malware analysis and general binary research more flexible by giving full control over execution, memory, and runtime behavior in a contained environment.

Building this involved a lot of work around emulation, syscall handling, memory management, binary loading and parsing, and there’s still much more to improve, but it’s finally at a stage where I’m happy to share it.

u/AhmedMinegames — 6 days ago

Mass npm Supply Chain Attack Hits TanStack, Mistral AI, and 170+ Packages

Massive campaign: 170+ packages and 400+ malicious versions published. What we saw is that not a single maintainer account was compromised. TanStack and Mistral AI are the names that stand out.

safedep.io
u/BattleRemote3157 — 10 days ago

Mini Shai-Hulud worm hits npm supply chain, compromising 160+ packages via GitHub Actions cache poisoning

Mini Shai-Hulud has yet again reportedly compromised 160+ packages, including parts of the TanStack and Mistral ecosystems. The interesting part is the attack path: instead of simple typosquatting, it abused GitHub Actions cache poisoning and trusted publishing/OIDC workflows, making the malicious packages appear legitimately built and published.

thecybersecguru.com
u/raptorhunter22 — 9 days ago

Inspecting a DLL file trying to figure out if it really is malware

Virus Total : https://www.virustotal.com/gui/file/4a7063b95d7278f4002e3ef74606f429c5a69ddb2de6e60cdf12234004d23e38/detection

Kaspersky : https://opentip.kaspersky.com/4A7063B95D7278F4002E3EF74606F429C5A69DDB2DE6E60CDF12234004D23E38/results?tab=upload

Hybrid Analysis : https://hybrid-analysis.com/sample/4a7063b95d7278f4002e3ef74606f429c5a69ddb2de6e60cdf12234004d23e38

This is the GitHub repo it was downloaded from : https[:]//github[.]com/YimMenu/YimMenuV2

My reasoning for why it may not be a virus:

It is a modification for a game, and with that I expect a couple false positives minimum, but I've also checked plenty of sources (such as the ones listed above) and the community around this mod.

Any constructive advice or info is appreciated.

I don't think I'm asking for technical support, just second opinions on this, or possibly some tools I can use to better analyze the file.

u/Cortex_Gaming — 7 days ago

Granny’s Compromised Android Firmware

So my grandma one day tells me she has had problems accessing WhatsApp. All my cousins had tried to fix it for her but nobody could, and since I’m the most tech-savvy she asked me for help.

When I first inspected it, it said the WhatsApp app she had wasn’t authentic, and to please download the real one; so I went to the Play Store and downloaded the real one, but the same message came up. At this point I believed it was a problem with the Play Protect Certification but the more I dug in the weirder it got.

The phone is clearly a Samsung Galaxy clone, but the updater version had some cursed name like “S24_ULTRA_2”. CPU-Z claimed it had a Snapdragon 8 Gen 3 running at like 1.3GHz 🤣 and the board info showed “alps / k53v1_bsp_gmo_1g”, which apparently is a MediaTek clone board.

At this point I decided to gift her a new phone and SIM card since even the SIM was flagged apparently by WhatsApp.

But I was/am still curious about this device so I decided to investigate more, but with ChatGPT's help since this is a little too advanced for me. It told me to install PCAPdroid to monitor network traffic and that's where things got interesting.

The phone was making DNS requests to completely random gibberish domains like:

- kbueeltmvihu
- dbcfakhafb
- pdtosgijvvqky

At the same time it was also contacting normal Google services like:

- play.googleapis.com
- mtalk.google.com
- Firebase logging endpoints

The weird part was that PCAPdroid labeled the suspicious DNS requests as coming from “Root,” not from a normal installed app.

From there I started reading about preinstalled firmware malware and counterfeit Android ROMs with baked-in spyware.

My current theory is that this isn’t just a sketchy APK I installed, the malware is probably embedded directly into the system firmware itself, which apparently is pretty common in ultra-cheap clone phones.

These days I've had the phone in quarantine, but it's a perfectly usable device and I wouldn't want to just throw it away, so my questions are:

1- What conclusions would you draw from this? Has this happened to you before or someone you know?

2- Can this be fixed? Can I flash another firmware onto the phone and go on with my day?

3- LLMs had highly suggested not to connect it to my WiFi network because the malware could mayyyyybe do a sideways movement, and I'm not comfortable connecting it to my PC, so what are my options? Are these things really that unsafe?

4- If the phone is fully compromised and unsavable, what can I do with it? I was thinking of using it as a virus pandora box or to download pirated files without the fear of infection and then safely move them to other devices.

u/Outrageous_Place6913 — 8 days ago

Fake LinkedIn sponsored Google search

I was doing like three different things at once, and typed in LinkedIn trying to verify. And without thinking (Stupid ik), I went through this weird verification process I thought was new on the fake website. It was the top search, so I clicked without thinking, as I thought it was the right one. It made me enter something with a command prompt. Does anyone know what happened? I scanned my device, and they found nothing wrong.

Don't think I can post the site here, but if anyone can help, that would be great.

u/Tempexd — 10 days ago

JDownloader is compromised!

  • The replaced malicious executable contains the official and benign JDownloader in its resources, along with an XOR-encrypted blob that is also in the resources
  • The encrypted blob is decrypted and executed after an 8 minute wait to prevent sandbox noise; the next stage also contains several XOR-encrypted resources and the official Python installer
  • After decrypting the resources, they contain a PyArmor-encrypted file and the PyArmor runtime
  • Delivers sophisticated Python remote access malware

See AnyRun execution chain along with the 8 minute wait before the payload starts: https://app.any.run/tasks/e0cecc2d-5571-49fe-a549-cc7d1b8b5908

IOCs:

  • Initial delivered installer -> 5a6636ce490789d7f26aaa86e50bd65c7330f8e6a7c32418740c1d009fb12ef3
  • Stage 2 payload -> 77a60b5c443f011dc67ace877f5b2ad7773501f3d82481db7f4a5238cf895f80
  • PyArmor encrypted blob: 5fdbee7aa7ba6a5026855a35a9fe075967341017d3cb932e736a12dd00ed590a
  • hxxps://parkspringshotel[.]com/m/Lu6aeloo.php (most likely another compromised URL)
  • hxxps://auraguest[.]lk/m/douV2quu.php (most likely another compromised URL)
u/rifteyy_ — 13 days ago

Looking for "evil" websites

I am currently doing a website analysis for college and thought it would be more interesting to look at a website with lots of malware and such.

Any idea how to find them?

PS: If anybody has a link for me feel free to dm me.

u/Geraldenyo — 10 days ago

Wtf OPEN Ai

Restarted my Mac mini M4 because the image preview froze. Thought it was a bit odd, but after booting back up I get this message. What were you hiding in that app, OpenAI?

Anyone else get this??

u/Rebel_Romeo — 12 days ago

sl1nk link

Hey, I recently found a "Sl1nk" link on a certain TikTok video, and me being curious, I put it into VirusTotal to see if it's safe or not (the results are shown in the image attached). I'm making a post to get more information about this because when I looked it up there wasn't much information about it apart from another malware report, more links like this and some Wikipedia hacker group article. Would anyone here know what it possibly could be?

u/LitreallyNoOne — 11 days ago