bypass CMS v2.4.5

no reflection from CMS


The malicious url works only on android devices.

[attachment deleted by admin]

Could you please write down the application URL from Google Play?

I believe CMS would detect it with the next Virus DB update but lets double check it.

Out of curiosity, did you have Cloud Analysis enabled? Looks like a few of the big names missed it a few that did indicate detected in the cloud i.e. Sophos and Kingsoft etc.

It was not downloaded from Google Play.

cloud scan = on

[attachment deleted by admin]

Confirmed, not detected by current signature. Downloaded and full scan done. Link on VT is a google shortened link but its not the Play Store. Actual file comes from (download.doomdns.org). Google verification install warns you about installing (see image).

My advice: Only download from playstore and always verify install.

Eric

[attachment deleted by admin]

agreed on Erics points :slight_smile:

Could you please send us the application URL or attachment, so that I can report it to AV lab team?