I downloaded it from androeed.ru, which is in the megathread. However, it has 16 detections, and it’s labled trojan, and I never used androeed.ru before, so idk how trustable it is.
Still I’m tempted to install it since sandbox found no Network comms. But I’m new to piracy so I think I should ask here first.
Thanks for replying! Edit to provide a bit more info:
-
This is a mod apk file for a paid game called sproggiwood, so I thought it would be normal to drop files like /libandroeedru.so, you know, to unlock game or something.
-
The site androeed.ru is in the 2nd place in “Android Cracked/Modded App Markets & Repos” list, right after mobilism, so I thought it was a famous piracy site as well. (I’m new to piracy, so idk. Is it famous?)
-
This file was uploaded to androeed at 2020, which means if it is indeed malicious, the site is unsafe since 2020, so it should be removed from megathread long time ago. Is the megathread that outdated?
-
Trojan means it steals info via internet. And virustotal said it only contacted 5 domains: 1: clientservices.googleapis.com 2: connectivitycheck.gstatic.com 3: gmscompliance-pa.googleapis.com 4: gstatic.com 5: infinitedata-pa.googleapis.com Does this mean the detections are false positives or am I missing something?
I’m at a loss. Please help! Thank you very much.
Thanks. That dropper function looks dangerous. However, the first dropper campaign spotted by Threat Fabric at the beginning of October 2022, and this file was uploaded at 2020, so even if it’s indeed malicious, it’s probably a different bad guy I guess.