An app called eVestigator, until recently available on the Google Play Store, has been pulled from the store because it is itself vulnerable. eVestigator was marketed as a forensics app that checks an Android device for security problems and signs of compromise; when a researcher looked into it, it turned out that the app was the problem. Read on for what eVestigator claimed to do and what the researcher actually found.
Forensic App eVestigator Pulled From Google Play Store
eVestigator was supposed to check an Android phone for security compromises, but the app itself was compromised. If it is installed on your device, the advice from researchers is to delete it immediately. The issues were found by a researcher going by MaXe, of InterN0T.
The premise of eVestigator is that it checks an Android device for security flaws, for example whether the device has been infected with malware. When MaXe examined what the app actually does, it turned out that it runs a TCP port scan across every port.
It probes all 65,535 TCP ports and then reports literally thousands of "threats" and "malware" on the device. A port that answers a connection attempt (or simply does not) is not evidence of an infection, and no Android device is plausibly carrying thousands of threats as eVestigator reported.
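To make concrete what a TCP connect scan can and cannot tell you, here is a small scanner that classifies each probed port as open, closed (connection refused) or filtered (no answer). This is an added example, not eVestigator's code; it scans 127.0.0.1 against a listener it starts itself, and the helper names are this example's own.

```python
import socket


def classify_port(host, port, timeout=0.5):
    """Probe one TCP port with connect() and name what the answer means.

    'open'     - a process is listening; that is all it proves.
    'closed'   - the host replied with RST: nothing is listening there.
    'filtered' - no reply within the timeout: dropped by a firewall or unreachable.
    None of these states is by itself a 'threat' or 'malware'.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def scan(host, ports):
    """Map each port to its state."""
    return {p: classify_port(host, p) for p in ports}


def open_ports(results):
    """The only ports worth a second look: the ones something is listening on."""
    return sorted(p for p, state in results.items() if state == "open")


def start_listener():
    """Constructed target: a socket listening on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port():
    """Pick a loopback port that currently has no listener."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, listening = start_listener()
    try:
        results = scan("127.0.0.1", [listening, free_port()])
        for port, state in sorted(results.items()):
            print(f"{port}: {state}")
        print("open ports:", open_ports(results))
    finally:
        srv.close()
```

On a phone, a full scan of 127.0.0.1 normally yields a handful of open ports at most and tens of thousands of "closed" results; an app that counts the latter as findings is reporting noise, not compromise.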
The "Report" button does nothing useful about malware either. All it does is send data to the developer: the device's IP address, details the user has entered into the device, and information about the Android environment. None of that helps with a compromise, and none of it is something you want to hand to an arbitrary developer.
The eVestigator App Susceptible to Remote Code Execution
According to the researcher, the real problem is that the app can be used as a vehicle for remote code execution through a man-in-the-middle attack. If an attacker can intercept the traffic the app relies on, whether by hijacking the domain name, the IP prefix or DNS resolution, the attacker can hand the app attacker-controlled Java code.
That code is then executed inside the application itself, with eVestigator's own permissions. The same position can be reached by hijacking a legitimate wireless network or by setting up a malicious wireless access point. One host name the app contacts, and which an attacker in that position could impersonate, is "api.ipify.org", a public service that returns the caller's IP address.
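The chain described above is an attack on trust in the channel: the app fetches something by host name and runs what comes back, so whoever answers for that name chooses the code. The following is an added model of that chain, not eVestigator's code; the addresses, the in-process "network" and the payloads are constructed, and plain Python stands in for the Java the real app would load.

```python
import hashlib

# Constructed internet. Documentation ranges, not ipify's real addresses.
HOST = "api.ipify.org"
LEGIT_IP = "198.51.100.10"
ATTACKER_IP = "203.0.113.7"

# Body each server returns for a plain HTTP GET. The client treats it as code.
SERVED = {
    LEGIT_IP: "result = 'ip=' + client_ip",
    ATTACKER_IP: "result = 'attacker code ran inside the app'",
}


class Network:
    """Name resolution plus transport. A DNS hijack, a rogue access point and a
    prefix hijack all look the same from the client: a different peer answers."""

    def __init__(self):
        self.dns = {HOST: LEGIT_IP}

    def http_get(self, host):
        # Plain HTTP: nothing ties the answer to the host name that was asked for.
        return SERVED[self.dns[host]]


def hijack(net, host, ip):
    """Attacker step: make the name resolve to the attacker's machine."""
    net.dns[host] = ip


def run_code(body, client_ip="192.0.2.5"):
    """Stand-in for loading downloaded code into the app process."""
    ns = {"client_ip": client_ip}
    exec(body, ns)
    return ns["result"]


def vulnerable_client(net):
    """Trusts the channel: executes whatever answered for HOST."""
    return run_code(net.http_get(HOST))


# Hardened variant: the app ships the digest of the only payload it will load,
# so integrity is checked independently of who delivered the bytes.
PINNED_SHA256 = hashlib.sha256(SERVED[LEGIT_IP].encode()).hexdigest()


def hardened_client(net):
    """Refuses anything whose digest does not match the pinned value."""
    body = net.http_get(HOST)
    if hashlib.sha256(body.encode()).hexdigest() != PINNED_SHA256:
        return None
    return run_code(body)


if __name__ == "__main__":
    net = Network()
    print("clean network, vulnerable client:", vulnerable_client(net))
    hijack(net, HOST, ATTACKER_IP)
    print("hijacked DNS, vulnerable client: ", vulnerable_client(net))
    print("hijacked DNS, hardened client:   ", hardened_client(net))
```

Pinning a digest only works for a fixed payload; the real lessons are that an app should not load code from the network at all, and that anything it does fetch must come over TLS with certificate validation, so that controlling DNS or the route is not enough to impersonate the host.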
The vendor's first response was a legal threat, and it also tried to have a YouTube video demonstrating the issues taken down. The video does not appear to have been removed, and at that point MaXe published the details of the vulnerabilities and risks. It was after the legal threat that the vendor had eVestigator pulled from the Google Play Store.
If you have this app on your Android device, researchers and companies are currently warning that you should remove it immediately. Do not run it, and confirm that it has actually been uninstalled.
If the app has shown you warnings about threats on your device, ignore them; they are an artifact of the port scan, not evidence of infection. Delete the app. It is not known whether the vendor intended to use eVestigator for a man-in-the-middle attack or simply pulled it from the store so that users would not be exposed to the vulnerabilities.