Malicious
11
/64

Threat

bitpit.launcher

Niagara Launcher

Analyzed on 2022-09-07T14:18:04.431773

21

permissions

18

activities

13

services

13

receivers

13

domains

File sums

MD5 c52cc6d66626e5cd88bc277cfb71fb27
SHA1 2b78f52732c43111be4e4c37e50d0723f8b80e98
SHA256 5e580a46e7246e21530f8283fd0a0a839e0acb683297d27728c9b542139396d4
Size 5.58MB

APKiD

Information computed with APKiD.

/tmp/tmp43wys2um!classes.dex
obfuscator
  • unreadable field names
  • unreadable method names
anti_vm
  • possible Build.SERIAL check
compiler
  • dexlib 2.x

SSdeep

Information computed with ssdeep.

APK file 98304:Ec0cw8EchoEHlKcpA5DRf9F7MX/TWvsF6hrsmmm8dG/4WShE4mWw6NZHjA:DzE8oUld+NFQrWvsF6mm2NE4mWwwA
Manifest 192:GpgBIHGg+DpeUgo8t49o6n+vifXj9xvJj0ife3fBvdnVtUP6dT30lYiYRJijmG:Qg…
classes.dex 1536:Xj0RpybjOchQOCs7PJ0JTfO8wYOGdFtc/06gEd6W6:XkQvhQOCs7PJmfO8wYOGd7…

Dexofuzzy

Information computed with Dexofuzzy.

APK file 96:ZpA3dILFDcX8yQQHk5hsagfZ30c4P8vEs:Zqu5DMwe9032x
classes.dex 96:ZpA3dILFDcX8yQQHk5hsagfZ30c4P8vEs:Zqu5DMwe9032x

APK details

Information computed with AndroGuard and Pithus.

Package bitpit.launcher
App name Niagara Launcher
Version name 1.7.6
Version code 706
SDK 21 - 31
UAID ec77b9ca0fed2cf51d1e596a882f9de09a0a3687
Signature Signature V1 Signature V2
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 e89b158e4bcf988ebd09eb83f5378e87
SHA1 61ed377e85d386a8dfee6b864bd85b0bfaa5af81
SHA256 a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc
Issuer Email Address: android@android.com, Common Name: Android, Organizational Unit: Android, Organization: Android, Locality: Mountain View, State/Province: California, Country: US
Not before 2008-02-29T01:33:46+00:00
Not after 2035-07-17T01:33:46+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up[android:allowBackup=true]
This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Service (bitpit.launcher.notification.NotificationListener) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (bitpit.launcher.lock_screen.LockScreenService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_ACCESSIBILITY_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (bitpit.launcher.widget.AppWidgetsRestoredReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Broadcast Receiver (bitpit.launcher.changelog.OwnAppUpdatedReceiver) is not Protected. [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (bitpit.launcher.ui.PermissionUsageActivity) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.START_VIEW_PERMISSION_USAGE [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Activity (bitpit.launcher.shortcut.AddItemActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (bitpit.launcher.icon.icon_pack.ApplyIconPackActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (bitpit.launcher.sesame.SesameConfigActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (ninja.sesame.lib.bridge.v1.access.RelayActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Activity (ninja.sesame.lib.bridge.v1.access.BeaconActivity) is not Protected. [android:exported=true]
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (ninja.sesame.lib.bridge.v1.access.CommandProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Content Provider (ninja.sesame.lib.bridge.v1.access.IconProvider) is not Protected. [android:exported=true]
A Content Provider is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
High Service (androidx.work.impl.background.systemjob.SystemJobService) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.BIND_JOB_SERVICE [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Broadcast Receiver (androidx.work.impl.diagnostics.DiagnosticsReceiver) is Protected by a permission, but the protection level of the permission should be checked.
Permission: android.permission.DUMP [android:exported=true]
A Broadcast Receiver is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
High Service (com.google.android.play.core.assetpacks.AssetPackExtractionService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Browsable activities

Information computed with MobSF.

bitpit.launcher.ui.HomeActivity

Hosts: agenda search secret-command niagaralauncher.app

Schemes: niagara:// https://

Main Activity

Information computed with AndroGuard.

bitpit.launcher.ui.HomeActivity

Activities

Information computed with AndroGuard.

bitpit.launcher.ui.HomeActivity
bitpit.launcher.ui.PermissionUsageActivity
bitpit.launcher.ui.FakeActivity
bitpit.launcher.shortcut.AddItemActivity
bitpit.launcher.notification.batching.BatchedNotificationsActivity
bitpit.launcher.icon.icon_pack.ApplyIconPackActivity
bitpit.launcher.sesame.SesameConfigActivity
bitpit.launcher.settings.SettingsActivity
bitpit.launcher.purchase.ui.PurchaseProActivity
bitpit.launcher.stream.NiagaraStreamActivity
ninja.sesame.lib.bridge.v1.access.RelayActivity
ninja.sesame.lib.bridge.v1.access.IntegrationActivity
ninja.sesame.lib.bridge.v1.access.BeaconActivity
com.google.android.gms.common.api.GoogleApiActivity
com.android.billingclient.api.ProxyBillingActivity
com.google.android.play.core.missingsplits.PlayCoreMissingSplitsActivity
com.google.android.play.core.common.PlayCoreDialogWrapperActivity
android.support.dexpro.app.DexProActivity

Receivers

Information computed with AndroGuard.

bitpit.launcher.widget.AppWidgetsRestoredReceiver
bitpit.launcher.changelog.OwnAppUpdatedReceiver
bitpit.launcher.notification.OwnNotificationDismissedReceiver
com.google.android.gms.measurement.AppMeasurementReceiver
androidx.work.impl.utils.ForceStopRunnable$BroadcastReceiver
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryChargingProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$BatteryNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$StorageNotLowProxy
androidx.work.impl.background.systemalarm.ConstraintProxy$NetworkStateProxy
androidx.work.impl.background.systemalarm.RescheduleReceiver
androidx.work.impl.background.systemalarm.ConstraintProxyUpdateReceiver
androidx.work.impl.diagnostics.DiagnosticsReceiver
com.google.android.datatransport.runtime.scheduling.jobscheduling.AlarmManagerSchedulerBroadcastReceiver

Services

Information computed with AndroGuard.

bitpit.launcher.notification.NotificationListener
bitpit.launcher.lock_screen.LockScreenService
com.google.firebase.components.ComponentDiscoveryService
com.google.android.gms.measurement.AppMeasurementService
com.google.android.gms.measurement.AppMeasurementJobService
androidx.work.impl.background.systemalarm.SystemAlarmService
androidx.work.impl.background.systemjob.SystemJobService
androidx.work.impl.foreground.SystemForegroundService
androidx.room.MultiInstanceInvalidationService
com.google.android.play.core.assetpacks.AssetPackExtractionService
com.google.android.play.core.assetpacks.ExtractionForegroundService
com.google.android.datatransport.runtime.backends.TransportBackendDiscovery
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService

Sample timeline

Certificate valid not before Feb. 29, 2008, 1:33 a.m.
First submission on VT Sept. 6, 2022, 5:59 p.m.
Oldest file found in APK Sept. 6, 2022, 11:29 p.m.
Latest file found in APK Sept. 6, 2022, 11:29 p.m.
Last submission on VT Sept. 7, 2022, 1:53 p.m.
Upload on Pithus Sept. 7, 2022, 2:18 p.m.
Certificate valid not after July 17, 2035, 1:33 a.m.

VirusTotal

Score 11/64
Report https://www.virustotal.com/gui/file/5e580a46e7246e21530f8283fd0a0a839e0acb683297d27728c9b542139396d4/detection

Most Popular AV Detections

Provided by VirusTotal

Threat name: artemis Identified 2 times

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generate no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to ['location', 'bluetooth', 'network connectivity'].
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to ['calendar'].
Access to Platform Resources
FDP_NET_EXT.1.1 The application has user/application initiated network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
Integrity for Installation and Update

Code analysis

Information computed with MobSF.

Medium
CVSS:7.4
Files may contain hardcoded sensitive information like usernames, passwords, keys etc.
MASVS: MSTG-STORAGE-14
CWE-312 Cleartext Storage of Sensitive Information
M9: Reverse Engineering
Files:
 com/tkstudio/stringer/a.java
Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
 AlertDialog$BuilderC0036.java
C0041.java
C0037.java
Low
CVSS:0
This App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.
MASVS: MSTG-STORAGE-10
Files:
 ActivityC0030.java
Info
CVSS:0
This App may have root detection capabilities.
MASVS: MSTG-RESILIENCE-1
Files:
 C0041.java
Pygal Spain: 100 United Kingdom: 100 United States: 1000

Map computed by Pithus.

Domains analysis

Information computed with MobSF.

US www.apache.org 151.101.2.132
US twitter.com 104.244.42.193
US creativecommons.org 104.20.150.16
US medium.com 162.159.153.4
US play.google.com 142.250.186.46
JP www.niagaralauncher.app 172.67.162.145
GB t.me 149.154.167.99
US photos.app.goo.gl 172.217.18.110
US www.reddit.com 199.232.189.140
ES freesound.org 84.89.139.206
US bottosson.github.io 185.199.108.153
US help.niagaralauncher.app 44.196.173.86
US launcher-id.firebaseio.com 34.120.160.131

URL analysis

Information computed with MobSF.

https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource
https://www.niagaralauncher.app/discord
https://launcher-id.firebaseio.com
http://www.apache.org/licenses/
http://www.apache.org/licenses/LICENSE-2.0
https://creativecommons.org/licenses/by/3.0/),
https://freesound.org/people/bone666138/sounds/198877/
https://bottosson.github.io/posts/oklab/.
https://medium.com/@niagaralauncher
https://play.google.com/store/apps/details?id=bitpit.launcher
https://www.reddit.com/r/niagaralauncher
https://t.me/niagara_launcher
https://t.me/s/niagara_news
https://help.niagaralauncher.app/article/80-help-translate
https://twitter.com/NiagaraLauncher
https://photos.app.goo.gl/fM7PKUXZ5PwtaUCBA
Defined in Android String Resource

Permissions analysis

Information computed with MobSF.

High android.permission.ACCESS_COARSE_LOCATION coarse (network-based) location
Access coarse location sources, such as the mobile network database, to determine an approximate phone location, where available. Malicious applications can use this to determine approximately where you are.
High android.permission.READ_CALENDAR read calendar events
Allows an application to read all of the calendar events stored on your phone. Malicious applications can use this to send your calendar events to other people.
High android.permission.CALL_PHONE directly call phone numbers
Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.
Low android.permission.ACCESS_NOTIFICATION_POLICY Marker permission for applications that wish to access notification policy.
Low android.permission.BLUETOOTH create Bluetooth connections
Allows applications to connect to paired bluetooth devices.
Low android.permission.VIBRATE control vibrator
Allows the application to control the vibrator.
Low android.permission.REQUEST_DELETE_PACKAGES Allows an application to request deleting packages.
Low android.permission.QUERY_ALL_PACKAGES Allows query of any normal app on the device, regardless of manifest declarations.
Low android.permission.EXPAND_STATUS_BAR expand/collapse status bar
Allows application to expand or collapse the status bar.
Low android.permission.SET_WALLPAPER_HINTS set wallpaper size hints
Allows the application to set the system wallpaper size hints.
Low android.permission.INTERNET full Internet access
Allows an application to create network sockets.
Low android.permission.ACCESS_NETWORK_STATE view network status
Allows an application to view the status of all networks.
Low android.permission.WAKE_LOCK prevent phone from sleeping
Allows an application to prevent the phone from going to sleep.
Low android.permission.RECEIVE_BOOT_COMPLETED automatically start at boot
Allows an application to start itself as soon as the system has finished booting. This can make it take longer to start the phone and allow the application to slow down the overall phone by always running.
Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground.
Medium android.permission.BIND_APPWIDGET choose widgets
Allows the application to tell the system which widgets can be used by which application. With this permission, applications can give access to personal data to other applications. Not for use by common applications.
com.android.alarm.permission.SET_ALARM Unknown permission
Unknown permission from android reference
android.permission.BLUETOOTH_CONNECT Unknown permission
Unknown permission from android reference
com.android.vending.BILLING Unknown permission
Unknown permission from android reference
com.google.android.gms.permission.AD_ID Unknown permission
Unknown permission from android reference
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence:
100%
Query the list of the installed packages
Confidence:
100%
Method reflection
Confidence:
100%
Method reflection
Confidence:
80%
Check if the given path is directory
Confidence:
80%
Check if the given file path exist
Confidence:
80%
Executes the specified string Linux command
Confidence:
80%
Create a directory

Behavior analysis

Information computed with MobSF.

Android notifications
       C0041.java
C0039.java
Base64 decode
       C0037.java
Base64 encode
       C0041.java
Dynamic class and dexloading
       C0034.java
Execute os command
       C0025.java
RunnableC0007.java
Get installed applications
       C0041.java
Get system service
       C0041.java
C0037.java
C0039.java
ActivityC0030.java
Inter process communication
       C0039.java
ActivityC0030.java
C0014.java
C0042.java
ActivityC0033.java
C0012.java
Java reflection
       C0041.java
C0037.java
p000class/tazmods/protection/apk.java
C0026.java
C0034.java
C0039.java
xyz/magicph/dexpro/ProxyApplication.java
C0014.java
C0042.java
C0021.java
Kill process
       C0037.java
C0039.java
DialogInterface$OnClickListenerC0016.java
Load and manipulate dex files
       C0034.java
Message digest
       C0041.java
Sending broadcast
       C0012.java
Set or read clipboard data
       ActivityC0030.java
Starting activity
       C0014.java
C0042.java

Control flow graphs analysis

Information computed by Pithus.

The application probably dynamically loads code

The application probably lists all installed applications

The application probably executes OS commands