There are a few data elements that are unique to an emulated Android environment. Below are a few checks that the malware performs, along with the default values for an emulator:
Build.FINGERPRINT.startsWith "generic" or "unknown"
Build.MODEL.contains "google_sdk" or "Emulator" or "Android SDK built for x86"
Build.MANUFACTURER.contains "Genymotion"
Build.BRAND.startsWith "generic"
Build.DEVICE.startsWith "generic"
Build.HARDWARE.contains "goldfish" or "ranchu"
Build.PRODUCT equals "google_sdk" or "sdk_x86" or "vbox86p" or "generic"
IMEI = 000000000000000, 012345678912345 or 004999010640000
IMSI = 012345678912345
NetworkOperatorName is empty
SimOperatorName is empty
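
For analysts preparing a sandbox image, the Build.* checks listed above can be audited against the output of `adb shell getprop` to see which values would identify the environment as an emulator. This is an added example, not code from the malware or the original page; the Build-field-to-`ro.*` property mapping, the function names and the sample dump are assumptions or constructed for illustration, and the IMEI/IMSI/operator checks are not covered because they are not exposed through these properties.

```python
import re

# Build.* field -> (backing system property, match mode, emulator defaults listed above)
INDICATORS = {
    "Build.FINGERPRINT": ("ro.build.fingerprint", "startswith", ["generic", "unknown"]),
    "Build.MODEL": ("ro.product.model", "contains",
                    ["google_sdk", "Emulator", "Android SDK built for x86"]),
    "Build.MANUFACTURER": ("ro.product.manufacturer", "contains", ["Genymotion"]),
    "Build.BRAND": ("ro.product.brand", "startswith", ["generic"]),
    "Build.DEVICE": ("ro.product.device", "startswith", ["generic"]),
    "Build.HARDWARE": ("ro.hardware", "contains", ["goldfish", "ranchu"]),
    "Build.PRODUCT": ("ro.product.name", "equals",
                      ["google_sdk", "sdk_x86", "vbox86p", "generic"]),
}
MATCHERS = {
    "startswith": lambda value, needle: value.startswith(needle),
    "contains": lambda value, needle: needle in value,
    "equals": lambda value, needle: value == needle,
}
GETPROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample of `adb shell getprop` output (not captured from a real device).
SAMPLE = """\
[ro.build.fingerprint]: [generic/sdk_x86/generic_x86:7.0/NYC/1234567:userdebug/test-keys]
[ro.product.model]: [Android SDK built for x86]
[ro.product.manufacturer]: [unknown]
[ro.product.brand]: [Android]
[ro.product.device]: [generic_x86]
[ro.hardware]: [ranchu]
[ro.product.name]: [sdk_x86]
"""

def parse_getprop(text):
    """Parse '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(props):
    """Return {Build field: (observed value, matched defaults)} for each hit."""
    findings = {}
    for field, (prop, mode, needles) in INDICATORS.items():
        value = props.get(prop, "")
        hits = [n for n in needles if MATCHERS[mode](value, n)]
        if hits:
            findings[field] = (value, hits)
    return findings
```

An empty result from `audit(parse_getprop(dump))` means none of the listed Build.* defaults are present in the image.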