
Our application is in beta release. After downloading it from the Play Store, some Android devices show that the app is malicious. Please refer to the images. On some devices a warning is shown when transferring money in Google Pay. We have developed this application using Ionic Framework v4.

In Android it is showing:

Risk level: High

Risk name: Android:Evo-gen[Trj]+AG1335518|egap

Risk details: The virus is a trojan. It is a malware designed to provide unauthorized, remote access to a user's device. Then can lead to other malware being installed on a machine, various data being stolen, or other malicious activities.

I tried to use MobSF, but could not install it. I could not get help from OWASP ZAP or Burp Suite either, and could not find much content regarding this issue. Please help. I am attaching my config.xml and package.json.

config.xml

<!-- Cordova/Ionic project configuration: app identity, network and intent
     allow-lists, splash-screen preferences, per-platform resources and the
     plugin set. -->
<widget id="org.sdrc.khabarodisha" version="1.1.2-beta" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
    <name>App name</name>
    <description>Description</description>
    <author email="xyz@gmail.com" href="https://exampe.com">Example</author>
    <!-- Start page loaded into the WebView. -->
    <content src="index.html" />
    <!-- NOTE(review): origin="*" puts no restriction on the hosts the app may send
         network requests to, as far as the Cordova allow-list is concerned (it is
         enforced by cordova-plugin-whitelist, declared at the end of this file).
         Prefer listing only the backend hosts the app really uses. -->
    <access origin="*" />
    <!-- allow-intent entries list the URL patterns the app may hand to the operating
         system to open in another app.
         NOTE(review): the http://*/* entry covers cleartext links to any host; keep it
         only if the app must open plain-http pages. -->
    <allow-intent href="http://*/*" />
    <allow-intent href="https://*/*" />
    <allow-intent href="tel:*" />
    <allow-intent href="sms:*" />
    <allow-intent href="mailto:*" />
    <allow-intent href="geo:*" />
    <preference name="ScrollEnabled" value="false" />
    <!-- NOTE(review): API level 19 is Android 4.4. Devices that old run a system
         WebView that is not updated separately from the OS, so raise this value if
         the user base allows. -->
    <preference name="android-minSdkVersion" value="19" />
    <!-- Value "none": presumably the iOS setting that keeps web storage out of device
         backups. TODO confirm against the Cordova iOS documentation. -->
    <preference name="BackupWebStorage" value="none" />
    <!-- Splash-screen behaviour; these names belong to cordova-plugin-splashscreen,
         which is declared in the plugin list below. -->
    <preference name="SplashMaintainAspectRatio" value="true" />
    <preference name="AutoHideSplashScreen" value="false" />
    <preference name="ShowSplashScreen" value="true" />
    <preference name="FadeSplashScreen" value="true" />
    <preference name="FadeSplashScreenDuration" value="300" />
    <preference name="SplashShowOnlyFirstTime" value="false" />
    <preference name="SplashScreen" value="screen" />
    <preference name="SplashScreenDelay" value="6000" />
    <preference name="AndroidLaunchMode" value="singleTask" />
    <platform name="android">
        <!-- Merges android:networkSecurityConfig into the application element of the
             generated AndroidManifest.xml; the resource-file line copies the referenced
             XML into res/xml.
             NOTE(review): the contents of network_security_config.xml are not shown
             here; check whether it permits cleartext traffic or adds trust anchors. -->
        <edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
            <application android:networkSecurityConfig="@xml/network_security_config" />
        </edit-config>
        <resource-file src="resources/android/xml/network_security_config.xml" target="app/src/main/res/xml/network_security_config.xml" />
        <!-- Android-only intent: market: links. -->
        <allow-intent href="market:*" />
        <!-- Launcher icons, one per screen density. -->
        <icon density="ldpi" src="resources/android/icon/drawable-ldpi-icon.png" />
        <icon density="mdpi" src="resources/android/icon/drawable-mdpi-icon.png" />
        <icon density="hdpi" src="resources/android/icon/drawable-hdpi-icon.png" />
        <icon density="xhdpi" src="resources/android/icon/drawable-xhdpi-icon.png" />
        <icon density="xxhdpi" src="resources/android/icon/drawable-xxhdpi-icon.png" />
        <icon density="xxxhdpi" src="resources/android/icon/drawable-xxxhdpi-icon.png" />
        <!-- Splash images, landscape then portrait, one per screen density. -->
        <splash density="land-ldpi" src="resources/android/splash/drawable-land-ldpi-screen.png" />
        <splash density="land-mdpi" src="resources/android/splash/drawable-land-mdpi-screen.png" />
        <splash density="land-hdpi" src="resources/android/splash/drawable-land-hdpi-screen.png" />
        <splash density="land-xhdpi" src="resources/android/splash/drawable-land-xhdpi-screen.png" />
        <splash density="land-xxhdpi" src="resources/android/splash/drawable-land-xxhdpi-screen.png" />
        <splash density="land-xxxhdpi" src="resources/android/splash/drawable-land-xxxhdpi-screen.png" />
        <splash density="port-ldpi" src="resources/android/splash/drawable-port-ldpi-screen.png" />
        <splash density="port-mdpi" src="resources/android/splash/drawable-port-mdpi-screen.png" />
        <splash density="port-hdpi" src="resources/android/splash/drawable-port-hdpi-screen.png" />
        <splash density="port-xhdpi" src="resources/android/splash/drawable-port-xhdpi-screen.png" />
        <splash density="port-xxhdpi" src="resources/android/splash/drawable-port-xxhdpi-screen.png" />
        <splash density="port-xxxhdpi" src="resources/android/splash/drawable-port-xxxhdpi-screen.png" />
    </platform>
    <platform name="ios">
        <!-- iOS-only intents (itms: and itms-apps: links), followed by icon and splash
             images keyed by pixel size. -->
        <allow-intent href="itms:*" />
        <allow-intent href="itms-apps:*" />
        <icon height="57" src="resources/ios/icon/icon.png" width="57" />
        <icon height="114" src="resources/ios/icon/icon@2x.png" width="114" />
        <icon height="29" src="resources/ios/icon/icon-small.png" width="29" />
        <icon height="58" src="resources/ios/icon/icon-small@2x.png" width="58" />
        <icon height="87" src="resources/ios/icon/icon-small@3x.png" width="87" />
        <icon height="20" src="resources/ios/icon/icon-20.png" width="20" />
        <icon height="40" src="resources/ios/icon/icon-20@2x.png" width="40" />
        <icon height="60" src="resources/ios/icon/icon-20@3x.png" width="60" />
        <icon height="48" src="resources/ios/icon/icon-24@2x.png" width="48" />
        <icon height="55" src="resources/ios/icon/icon-27.5@2x.png" width="55" />
        <icon height="29" src="resources/ios/icon/icon-29.png" width="29" />
        <icon height="58" src="resources/ios/icon/icon-29@2x.png" width="58" />
        <icon height="87" src="resources/ios/icon/icon-29@3x.png" width="87" />
        <icon height="40" src="resources/ios/icon/icon-40.png" width="40" />
        <icon height="80" src="resources/ios/icon/icon-40@2x.png" width="80" />
        <icon height="120" src="resources/ios/icon/icon-40@3x.png" width="120" />
        <icon height="88" src="resources/ios/icon/icon-44@2x.png" width="88" />
        <icon height="50" src="resources/ios/icon/icon-50.png" width="50" />
        <icon height="100" src="resources/ios/icon/icon-50@2x.png" width="100" />
        <icon height="60" src="resources/ios/icon/icon-60.png" width="60" />
        <icon height="120" src="resources/ios/icon/icon-60@2x.png" width="120" />
        <icon height="180" src="resources/ios/icon/icon-60@3x.png" width="180" />
        <icon height="72" src="resources/ios/icon/icon-72.png" width="72" />
        <icon height="144" src="resources/ios/icon/icon-72@2x.png" width="144" />
        <icon height="76" src="resources/ios/icon/icon-76.png" width="76" />
        <icon height="152" src="resources/ios/icon/icon-76@2x.png" width="152" />
        <icon height="167" src="resources/ios/icon/icon-83.5@2x.png" width="167" />
        <icon height="172" src="resources/ios/icon/icon-86@2x.png" width="172" />
        <icon height="196" src="resources/ios/icon/icon-98@2x.png" width="196" />
        <icon height="1024" src="resources/ios/icon/icon-1024.png" width="1024" />
        <splash height="480" src="resources/ios/splash/Default~iphone.png" width="320" />
        <splash height="960" src="resources/ios/splash/Default@2x~iphone.png" width="640" />
        <splash height="1024" src="resources/ios/splash/Default-Portrait~ipad.png" width="768" />
        <splash height="768" src="resources/ios/splash/Default-Landscape~ipad.png" width="1024" />
        <splash height="1125" src="resources/ios/splash/Default-Landscape-2436h.png" width="2436" />
        <splash height="1242" src="resources/ios/splash/Default-Landscape-736h.png" width="2208" />
        <splash height="2048" src="resources/ios/splash/Default-Portrait@2x~ipad.png" width="1536" />
        <splash height="1536" src="resources/ios/splash/Default-Landscape@2x~ipad.png" width="2048" />
        <splash height="2732" src="resources/ios/splash/Default-Portrait@~ipadpro.png" width="2048" />
        <splash height="2048" src="resources/ios/splash/Default-Landscape@~ipadpro.png" width="2732" />
        <splash height="1136" src="resources/ios/splash/Default-568h@2x~iphone.png" width="640" />
        <splash height="1334" src="resources/ios/splash/Default-667h.png" width="750" />
        <splash height="2208" src="resources/ios/splash/Default-736h.png" width="1242" />
        <splash height="2436" src="resources/ios/splash/Default-2436h.png" width="1125" />
        <splash height="2732" src="resources/ios/splash/Default@2x~universal~anyany.png" width="2732" />
        <icon height="216" src="resources/ios/icon/icon-108@2x.png" width="216" />
        <splash height="2688" src="resources/ios/splash/Default-2688h~iphone.png" width="1242" />
        <splash height="1242" src="resources/ios/splash/Default-Landscape-2688h~iphone.png" width="2688" />
        <splash height="1792" src="resources/ios/splash/Default-1792h~iphone.png" width="828" />
        <splash height="828" src="resources/ios/splash/Default-Landscape-1792h~iphone.png" width="1792" />
    </platform>
    <!-- Plugin set. The first four entries are pinned to exact versions; the caret
         ranges after them accept newer minor and patch releases, so two builds of the
         same source can ship different plugin code unless the versions are locked.
         NOTE(review): the package.json posted with this file declares more Cordova
         plugins than are listed here; confirm which set ends up in the shipped APK
         when investigating what a scanner is reacting to. -->
    <plugin name="cordova-plugin-whitelist" spec="1.3.3" />
    <plugin name="cordova-plugin-statusbar" spec="2.4.2" />
    <plugin name="cordova-plugin-device" spec="2.0.2" />
    <plugin name="cordova-plugin-splashscreen" spec="5.0.2" />
    <plugin name="cordova-plugin-ionic-webview" spec="^4.0.0" />
    <plugin name="cordova-plugin-ionic-keyboard" spec="^2.0.5" />
    <plugin name="cordova-plugin-inappbrowser" spec="^3.2.0" />
    <plugin name="cordova-plugin-nativestorage" spec="^2.3.2" />
    <plugin name="cordova-sqlite-storage" spec="^4.0.0" />
</widget>

package.json

  "name": "App Name",
  "version": "1.1.2-beta",
  "author": "Author name",
  "homepage": "https://homepage.com",
  "scripts": {
    "ng": "ng",
    "start": "ionic serve",
    "build": "ng build",
    "test": "ng test",
    "lint": "ng lint",
    "e2e": "ng e2e",
    "android": "ionic cordova run android"
  },
  "private": true,
  "dependencies": {
    "@angular/common": "~8.1.2",
    "@angular/core": "~8.1.2",
    "@angular/forms": "~8.1.2",
    "@angular/platform-browser": "~8.1.2",
    "@angular/platform-browser-dynamic": "~8.1.2",
    "@angular/router": "~8.1.2",
    "@auth0/angular-jwt": "^3.0.1",
    "@fortawesome/angular-fontawesome": "^0.5.0",
    "@fortawesome/fontawesome-svg-core": "^1.2.28",
    "@fortawesome/free-solid-svg-icons": "^5.13.0",
    "@ionic-native/app-version": "^5.23.0",
    "@ionic-native/browser-tab": "^5.19.1",
    "@ionic-native/core": "^5.0.0",
    "@ionic-native/deeplinks": "^5.19.1",
    "@ionic-native/device": "^5.23.0",
    "@ionic-native/email-composer": "^5.23.0",
    "@ionic-native/facebook": "^5.24.0",
    "@ionic-native/google-plus": "^4.20.0",
    "@ionic-native/in-app-browser": "^5.19.1",
    "@ionic-native/launch-review": "^5.23.0",
    "@ionic-native/market": "^5.23.0",
    "@ionic-native/native-storage": "^5.19.1",
    "@ionic-native/network": "^5.24.0",
    "@ionic-native/screenshot": "^5.21.5",
    "@ionic-native/social-sharing": "^5.23.0",
    "@ionic-native/splash-screen": "^5.0.0",
    "@ionic-native/status-bar": "^5.0.0",
    "@ionic-native/toast": "^5.23.0",
    "@ionic-native/unique-device-id": "^5.23.0",
    "@ionic/angular": "^4.7.1",
    "@ionic/storage": "^2.2.0",
    "@ngx-translate/core": "^12.1.2",
    "@ngx-translate/http-loader": "^4.0.0",
    "angularfire2": "^5.4.2",
    "angularx-social-login": "^2.2.1",
    "animate.css": "^3.7.2",
    "com.darktalker.cordova.screenshot": "^0.1.6",
    "cordova-android": "^8.0.0",
    "cordova-launch-review": "^3.1.1",
    "cordova-plugin-advanced-http": "^2.4.0",
    "cordova-plugin-app-version": "^0.1.9",
    "cordova-plugin-compat": "^1.2.0",
    "cordova-plugin-device": "^2.0.2",
    "cordova-plugin-device-name": "^1.3.5",
    "cordova-plugin-email-composer": "^0.9.2",
    "cordova-plugin-facebook4": "^6.4.0",
    "cordova-plugin-file": "^6.0.2",
    "cordova-plugin-inappbrowser": "^3.2.0",
    "cordova-plugin-ionic-keyboard": "^2.2.0",
    "cordova-plugin-ionic-webview": "^4.1.3",
    "cordova-plugin-market": "^1.2.0",
    "cordova-plugin-nativestorage": "^2.3.2",
    "cordova-plugin-network-information": "^2.0.2",
    "cordova-plugin-splashscreen": "^5.0.2",
    "cordova-plugin-statusbar": "^2.4.2",
    "cordova-plugin-uniquedeviceid": "^1.3.2",
    "cordova-plugin-whitelist": "^1.3.3",
    "cordova-plugin-x-socialsharing": "^5.6.3",
    "cordova-plugin-x-toast": "^2.7.2",
    "cordova-sqlite-storage": "^4.0.0",
    "core-js": "^2.5.4",
    "es6-promise-plugin": "^4.2.2",
    "firebase": "^7.14.1",
    "ionic-swipe-all": "^2.0.0",
    "ionic4-auto-complete": "^2.6.0",
    "net": "^1.0.2",
    "ng-connection-service": "^1.0.4",
    "ngx-pinch-zoom": "^2.3.4",
    "rxjs": "~6.5.1",
    "sockjs-client": "^1.4.0",
    "stompjs": "^2.3.3",
    "tslib": "^1.9.0",
    "zone.js": "~0.9.1"
  },
  "devDependencies": {
    "@angular-devkit/architect": "~0.801.2",
    "@angular-devkit/build-angular": "~0.803.8",
    "@angular-devkit/core": "~8.1.2",
    "@angular-devkit/schematics": "~8.1.2",
    "@angular/cli": "~8.1.2",
    "@angular/compiler": "~8.1.2",
    "@angular/compiler-cli": "~8.1.2",
    "@angular/language-service": "~8.1.2",
    "@ionic/angular-toolkit": "^2.1.1",
    "@types/jasmine": "~3.3.8",
    "@types/jasminewd2": "~2.0.3",
    "@types/node": "~8.9.4",
    "codelyzer": "^5.0.0",
    "jasmine-core": "~3.4.0",
    "jasmine-spec-reporter": "~4.2.1",
    "karma": "~4.1.0",
    "karma-chrome-launcher": "~2.2.0",
    "karma-coverage-istanbul-reporter": "~2.0.1",
    "karma-jasmine": "~2.0.1",
    "karma-jasmine-html-reporter": "^1.4.0",
    "protractor": "~5.4.0",
    "ts-node": "~7.0.0",
    "tslint": "~5.15.0",
    "typescript": "~3.4.3"
  },
  "description": "An Ionic project",
  "cordova": {
    "plugins": {
      "cordova-plugin-inappbrowser": {},
      "cordova-plugin-nativestorage": {},
      "cordova-plugin-whitelist": {},
      "cordova-plugin-statusbar": {},
      "cordova-plugin-device": {},
      "cordova-plugin-splashscreen": {},
      "cordova-plugin-ionic-webview": {
        "ANDROID_SUPPORT_ANNOTATIONS_VERSION": "27.+"
      },
      "cordova-plugin-ionic-keyboard": {},
      "cordova-sqlite-storage": {},
      "cordova-plugin-x-socialsharing": {},
      "com.darktalker.cordova.screenshot": {},
      "cordova-plugin-email-composer": {
        "ANDROID_SUPPORT_V4_VERSION": "27.+"
      },
      "cordova-launch-review": {},
      "cordova-plugin-uniquedeviceid": {},
      "cordova-plugin-device-name": {},
      "cordova-plugin-market": {},
      "cordova-plugin-app-version": {},
      "cordova-plugin-x-toast": {},
      "cordova-plugin-facebook4": {
        "APP_ID": "xxxxxxxxxx",
        "APP_NAME": "App Name",
        "FACEBOOK_HYBRID_APP_EVENTS": "true"
      },
      "cordova-plugin-network-information": {}
    },
    "platforms": [
      "android"
    ]
  }
}

Risk

Google play

Ratikanta
  • Such a risk is not from the Ionic framework. If the malware is from the PC and was added to the installation APK or AAB file, all you need is to copy the app files to a new PC and run an antivirus scan on them, and after that build it again and post it. Or, if it is not from the PC, maybe it is from your web backend itself and the trojan is being sent with HTTP requests back to devices, so you also need to check that, and be aware that the Play Store could block your apps from this account if the trojan keeps... – Mostafa Harb Apr 22 '20 at 13:02
  • VirusTotal is giving me https://www.virustotal.com/gui/file/e9192489ea21d8bcaa7d550713ca4b688739e1fe9f30599e8cdc2acac7f7b067/detection – Ratikanta Apr 22 '20 at 13:49
  • How did you fix this? – rosu alin Jun 27 '22 at 16:14

1 Answer


I had the same issue with my custom app, and many people are also experiencing this problem even with the “Hello World” app.

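This is an issue with Avast’s heuristic detection process. It is worth first confirming, for example from the VirusTotal report of the exact build, that the flag comes only from this heuristic and not from several independent engines. If so, the best course of action is to report the false positive here: https://www.avast.com/en-gb/false-positive-file-form.php#android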

You can read more here:

https://forum.avast.com/index.php?topic=304817.0

https://community.appinventor.mit.edu/t/avast-mobile-evo-gen-trojan-bug-is-back-again/40273

https://androidforums.com/threads/android-evo-gen-virus.927186/

Borislav Gizdov