Play Gspace Shortcut File Download | For Android Link

https://www example.com/play-gspace-shortcut-file.apk

The following link was used to download the malicious shortcut file: play gspace shortcut file download for android link

rule Play_GSpace_Shortcut_File { meta: description = "Detects Play GSpace shortcut file download" strings: $shortcut_file = "play gspace shortcut file" $malware_url = "https://www example.com/play-gspace-shortcut-file.apk" condition: $shortcut_file and $malware_url } https://www example

The following Yara rule can be used to detect the malware: play gspace shortcut file download for android link

The MD5 hash of the malware is:

GSpace is a legitimate application developed by Google that allows users to run Google Play Store apps on their Android devices without installing them. However, some attackers have created malicious shortcut files that claim to offer a "Play GSpace" functionality, but instead, they download and install malware on the victim's device.