Update Android_FakeApps.yar

a00d4d64 · mmorenog · 10378fe2 · a00d4d64
Commit a00d4d64 authored Feb 27, 2016 by mmorenog
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 9 deletions

Android_FakeApps.yar Mobile_Malware/Android_FakeApps.yar +8 -9

No files found.
--- a/Mobile_Malware/Android_FakeApps.yar
+++ b/Mobile_Malware/Android_FakeApps.yar
@@ -10,7 +10,7 @@
 import "androguard"
-rule fake_facebook: fake
+rule fake_facebook: fake android
 {
  meta:
 		  author = "https://twitter.com/Diviei"
@@ -21,7 +21,7 @@ rule fake_facebook: fake
 }
-rule fake_facebook_2 : fake
+rule fake_facebook_2 : fake android
 {
 	meta:
 		author = "https://twitter.com/plutec_net"
@@ -42,7 +42,7 @@ rule fake_facebook_2 : fake
 		not androguard.certificate.issuer(/O=Facebook Mobile/)	
 }
-rule fake_instagram: fake
+rule fake_instagram: fake android
 {
  meta:
 		  author = "https://twitter.com/Diviei"
@@ -52,7 +52,7 @@ rule fake_instagram: fake
 		and not androguard.certificate.sha1("76D72C35164513A4A7EBA098ACCB2B22D2229CBE")
 }
-rule fake_king_games: fake
+rule fake_king_games: fake android
 {
 	condition:
 		(androguard.app_name("AlphaBetty Saga")
@@ -70,7 +70,7 @@ rule fake_king_games: fake
 		and not androguard.certificate.sha1("9E93B3336C767C3ABA6FCC4DEADA9F179EE4A05B")
 }
-rule fake_market: fake
+rule fake_market: fake android
 {
  meta:
 		author = "https://twitter.com/plutec_net"
@@ -81,7 +81,7 @@ rule fake_market: fake
 }
-rule fake_minecraft: fake
+rule fake_minecraft: fake android
 {
  meta:
 		author = "https://twitter.com/plutec_net"
@@ -92,7 +92,7 @@ rule fake_minecraft: fake
 		and not androguard.package_name("com.mojang.minecraftpe")
 }
-rule fake_whatsapp: fake
+rule fake_whatsapp: fake android
 {
  meta:
 		  author = "https://twitter.com/Diviei"
@@ -100,4 +100,4 @@ rule fake_whatsapp: fake
 	condition:
 		androguard.app_name("WhatsApp") and
 		not androguard.certificate.sha1("38A0F7D505FE18FEC64FBF343ECAAAF310DBD799")
 }
\ No newline at end of file