
Malware distributing website detects operating system?

Discussion in 'Android Lounge' started by JSS1900, Jan 3, 2022.

  1. JSS1900

    JSS1900 Lurker
    Thread Starter

    Hello,

    I am currently receiving SMS messages trying to distribute the Android-based FLU BOT malware.

    The script that the websites run can detect the legitimacy of the operating system. If you try to access the website hosting the malware on anything other than an Android device, it re-directs you to a legitimate website.

    Thus, I have tried user agent switchers and Android emulators, however, it can still detect that I am not using the actual operating system.

    I have made sure the screen resolution is that of a mobile device. The IP range of the desktop is a non-mobile ISP, however I don't think that would be the issue as surely victims would access the malware website on their private WiFi connection? Browser leakage websites also cannot detect the OS on the desktop when using an emulator.

    Is anyone aware of how they are detecting the operating system (fingerprinting)?
     



  2. puppykickr

    puppykickr Android Expert

    ocnbrze, Davdi and Dannydet like this.
  3. JSS1900

    JSS1900 Lurker
    Thread Starter

    I am using an Android emulator, which means I am using the Android default browser. VPN shouldn't matter for the reason I said previously.
     
  4. svim

    svim Extreme Android User

    What operating system is the host running? If the Android install you're running is through emulation any online access is still going to have to travel through the host operating system's network stack.
     
    puppykickr and ocnbrze like this.
  5. JSS1900

    JSS1900 Lurker
    Thread Starter

    Yes, but if a victim were to access the malware website on a WiFi connection on their phone, why would it show any different to accessing the website through an emulator on a Windows 10 computer?
     
  6. svim

    svim Extreme Android User

    An Android emulator is just software running inside of a host operating system, in your example Win10. It's that Win10 PC that's connected to a local network, that is itself then connected to a router-modem, that's connected to the Internet. It's that base operating system that's connected either by wire (Ethernet) or wirelessly (WiFi) to the router, and any online traffic to and from your virtual Android setup still has to go through that Win10 PC connection. If you need to cut back on that chain of translated IP addresses, don't use an emulator. Just start using an actual Android device. Or start being more vigilant and responsible about your web browser habits, and switch to more privacy-focused web browsers like Firefox Focus or Brave.
     
    Davdi and ocnbrze like this.
  7. JSS1900

    JSS1900 Lurker
    Thread Starter

    No, that doesn't indicate how the web-server could be detecting I am not using a genuine Android device.
     
  8. mikedt

    mikedt 你好

    What emulators have you tried exactly?

    I sometimes use Bluestacks running on a MacBook, and any websites I've tried have always determined that as Android, and not MacOS.
     
  9. svim

    svim Extreme Android User

    Well yes it does. It's still your Win10 PC that's the actual network connection. Any emulator is still just 'virtual'.
     
    puppykickr likes this.