Sketchware-based malware analysis report
1. Overview
As the number of Android OS smartphones has grown, so has the number of services that make it easier for developers to create apps, such as Sketchware.
Sketchware is a publicly available tool for people who have difficulty developing apps, allowing them to create simple functional apps on their devices.
However, it has been found to be abused to create malicious apps, most notably the Arsink malware.
This malicious app was created with Sketchware, and it can manipulate the APK file in the admin app to create a malicious app that is installed on the user’s device.
Currently, modified versions of the Arsink malicious app are actively distributed through Telegram, and this article includes an analysis of one of them, the “Spider-Rat” malicious app.
2. Arsink
Arsink is a malicious app that targets Android devices and aims to gain remote control and steal personal information. It was first collected in August 2023, in an app called “Arsink4Rat”.
The developer believed to have created the original malicious app has been posting videos on YouTube about the malicious app and how to develop it through Sketchware, as shown in Figure 1.
The app is detected as Trojan/Arsink by both first- and third-party antivirus products.

Figure 1. YouTube channel of the alleged creator of Arsink
The Arsink malicious app and its mods are being shared through Telegram channels for hackers in Arab countries, where various malicious apps are being created, as shown in Figure 2.

Figure 2. Telegram channels in Arab countries
For more information, please refer to the attached file.