IcicleGum (a5be6094-2d17-11e8-a5b1-ff153ed7d9c3)
IcicleGum is a spyware PHA family whose apps rely on versions of the Igexin ads SDK that offer dynamic code-loading support. IcicleGum apps use this library's code-loading features to fetch encrypted DEX files over HTTP from command-and-control servers. The files are then decrypted and loaded via class reflection to read and send phone call logs and other data to remote locations.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Igexin (52c5f9b3-e9ed-4c86-b4a8-d4ebc68a4d7b) | Android | IcicleGum (a5be6094-2d17-11e8-a5b1-ff153ed7d9c3) | Android | 1 |