From 3bd703d6b8b74f9ef88f1e9ca7137f13d233a121 Mon Sep 17 00:00:00 2001
From: Tad
Date: Tue, 19 Dec 2023 16:58:11 -0500
Subject: [PATCH] Add support for the MalwareBazaar database

Signed-off-by: Tad
---
 README.md | 1 +
 app/build.gradle | 4 ++--
 app/src/main/java/us/spotco/malwarescanner/Database.java | 3 +++
 .../main/java/us/spotco/malwarescanner/MainActivity.java | 7 +++++--
 app/src/main/res/values/arrays.xml | 1 +
 fastlane/metadata/android/en-US/changelogs/107.txt | 2 ++
 scripts/0malware_bazaar-android.sh | 5 +++++
 7 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 fastlane/metadata/android/en-US/changelogs/107.txt
 create mode 100644 scripts/0malware_bazaar-android.sh

diff --git a/README.md b/README.md
index 11f8d7f..5565652 100644
--- a/README.md
+++ b/README.md
@@ -65,6 +65,7 @@ Credits
 - Nex (@botherder) for extra databases (CC BY-SA 4.0)
 - Amnesty International for extra databases (CC BY 2.0)
 - Echap for extra databases (CC BY 4.0)
+- MalwareBazaar for extra databases (CC0)
 - RecursiveFileObserver.java (GPL-3.0-or-later): Daniel Gultsch, ownCloud Inc., Bartek Przybylski
 - GPGDetachedSignatureVerifier.java (GPL-2.0-or-later): Federico Fissore, Arduino LLC
 - Petra Mirelli for the German/Spanish/Italian translations, the app banner/feature graphic, and various tweaks.
diff --git a/app/build.gradle b/app/build.gradle
index 1c0887e..d670df7 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -6,8 +6,8 @@ android {
         applicationId "us.spotco.malwarescanner"
         minSdkVersion 16
         targetSdkVersion 32
-        versionCode 105
-        versionName "2.32"
+        versionCode 107
+        versionName "2.33"
         resConfigs 'en', 'af', 'de', 'el', 'es', 'fi', 'fr', 'it', 'pl', 'pt', 'ru', 'tr', 'zh-rCN'
     }
     buildTypes {
diff --git a/app/src/main/java/us/spotco/malwarescanner/Database.java b/app/src/main/java/us/spotco/malwarescanner/Database.java
index 892922a..1b0cccc 100644
--- a/app/src/main/java/us/spotco/malwarescanner/Database.java
+++ b/app/src/main/java/us/spotco/malwarescanner/Database.java
@@ -107,6 +107,9 @@ class Database {
             signatureDatabases.add(new SignatureDatabase(baseURL, "eset.hdb.gz"));
             signatureDatabases.add(new SignatureDatabase(baseURL, "eset.hsb.gz"));
         }
+        if (prefs.getBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", true)) {
+            signatureDatabases.add(new SignatureDatabase(baseURL, "malware_bazaar.hsb.gz"));
+        }
         if (prefs.getBoolean("SIGNATURES_CLAMAV-MAIN", false)) {
             signatureDatabases.add(new SignatureDatabase(baseURL, "main.hdb.gz"));
             signatureDatabases.add(new SignatureDatabase(baseURL, "main.hsb.gz"));
diff --git a/app/src/main/java/us/spotco/malwarescanner/MainActivity.java b/app/src/main/java/us/spotco/malwarescanner/MainActivity.java
index 7d1eb45..3386a4b 100644
--- a/app/src/main/java/us/spotco/malwarescanner/MainActivity.java
+++ b/app/src/main/java/us/spotco/malwarescanner/MainActivity.java
@@ -150,7 +150,8 @@ public class MainActivity extends Activity {
                 localizeDBDescription("ESET\n • SIZE: SIZE_SMALL\n • LICENSE: BSD 2-Clause\n • AUTHOR: ESET\n • SOURCE: https://github.com/eset/malware-ioc\n"),
                 localizeDBDescription("Targeted Threats\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY-SA 4.0\n • AUTHOR: Nex\n • SOURCE: https://github.com/botherder/targetedthreats\n"),
                 localizeDBDescription("Amnesty Tech Investigations\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 2.0\n • AUTHOR: Amnesty International\n • SOURCE: https://github.com/amnestytech/investigations\n"),
-                localizeDBDescription("Stalkerware\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 4.0\n • AUTHOR: Echap\n • SOURCE: https://github.com/AssoEchap/stalkerware-indicators")};
+                localizeDBDescription("Stalkerware\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 4.0\n • AUTHOR: Echap\n • SOURCE: https://github.com/AssoEchap/stalkerware-indicators\n"),
+                localizeDBDescription("MalwareBazaar\n • SIZE: SIZE_SMALL\n • LICENSE: CC0\n • AUTHOR: Abuse.ch\n • SOURCE: https://bazaar.abuse.ch")};
         final boolean[] databaseDefaults = {
                 prefs.getBoolean("SIGNATURES_CLAMAV-ANDROID", true),
                 prefs.getBoolean("SIGNATURES_CLAMAV-MAIN", false),
@@ -158,7 +159,8 @@ public class MainActivity extends Activity {
                 prefs.getBoolean("SIGNATURES_ESET", true),
                 prefs.getBoolean("SIGNATURES_TARGETEDTHREATS", true),
                 prefs.getBoolean("SIGNATURES_AMNESTY", true),
-                prefs.getBoolean("SIGNATURES_STALKERWARE", true)};
+                prefs.getBoolean("SIGNATURES_STALKERWARE", true),
+                prefs.getBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", true)};
 
         Dialog databaseDialog;
         AlertDialog.Builder databaseBuilder = new AlertDialog.Builder(this);
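Review bot: The new `localizeDBDescription("MalwareBazaar\n • SIZE: SIZE_SMALL ...")` entry labels the database `SIZE_SMALL`, while this commit's own changelog says it carries 60k+ signatures; at roughly 80 bytes per `.hsb` line that is several MB uncompressed, and I cannot tell from the diff whether that still falls in the app's SMALL bucket. Please confirm the bucket against the generated `malware_bazaar.hsb.gz`, or, if the thresholds are defined elsewhere, add a short comment above the description array such as `// SIZE_SMALL / SIZE_MEDIUM / SIZE_LARGE: approximate download size buckets, see <doc>` so the next entry is classified consistently. The description array and the enclosing method begin outside this hunk.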
@@ -173,6 +175,7 @@ public class MainActivity extends Activity {
             prefs.edit().putBoolean("SIGNATURES_TARGETEDTHREATS", databaseDefaults[4]).apply();
             prefs.edit().putBoolean("SIGNATURES_AMNESTY", databaseDefaults[5]).apply();
             prefs.edit().putBoolean("SIGNATURES_STALKERWARE", databaseDefaults[6]).apply();
+            prefs.edit().putBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", databaseDefaults[7]).apply();
         });
 
         databaseDialog = databaseBuilder.create();
diff --git a/app/src/main/res/values/arrays.xml b/app/src/main/res/values/arrays.xml
index 474c196..b838676 100644
--- a/app/src/main/res/values/arrays.xml
+++ b/app/src/main/res/values/arrays.xml
@@ -21,6 +21,7 @@
         • Nex (@botherder): Signature Databases
         • Amnesty International: Signature Databases
         • Echap: Signature Databases
+        • MalwareBazaar: Signature Databases
         • RecursiveFileObserver.java: Daniel Gultsch, ownCloud Inc., Bartek Przybylski
         • GPGDetachedSignatureVerifier.java: Federico Fissore, Arduino LLC
         • Google: App Icon
diff --git a/fastlane/metadata/android/en-US/changelogs/107.txt b/fastlane/metadata/android/en-US/changelogs/107.txt
new file mode 100644
index 0000000..4c9738e
--- /dev/null
+++ b/fastlane/metadata/android/en-US/changelogs/107.txt
@@ -0,0 +1,2 @@
+* New database with 60k+ signatures from MalwareBazaar by abuse.ch
+* @Manuel-Senpai for updated Spanish translations.
diff --git a/scripts/0malware_bazaar-android.sh b/scripts/0malware_bazaar-android.sh
new file mode 100644
index 0000000..70407a9
--- /dev/null
+++ b/scripts/0malware_bazaar-android.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+#License: GPLv3
+#Description: Hypatia conversion script for https://bazaar.abuse.ch/export/csv/full/ (CC0)
+grep "\"apk\"" full.csv | awk '{ print $3 } ' | sed 's/^"//' | sed 's/",$/:0:MalwareBazaar/' > malware_bazaar.hsb;
+gzip *.hsb;
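Review bot: The added `prefs.edit().putBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", databaseDefaults[7]).apply();` is the third place this commit had to keep in step by hand — the description array, `databaseDefaults`, and this index-addressed write-back — and a future entry appended to one array but not the others would silently persist a value under the wrong key with no compile-time signal. Each line also creates and commits its own editor, so eight separate `apply()` calls run where one would do. I would keep the preference keys in a `String[]` declared beside `databaseDefaults` (that declaration is outside this hunk) and write them back in one loop with a single editor, as below; the enclosing click listener and method start and end outside the hunk. This assumes `prefs` is a `SharedPreferences`, which the `edit().putBoolean(...)` chain suggests but the diff does not show.
```java
// … unchanged: dialog listener header …
// databaseKeys is a String[] declared next to databaseDefaults, in the same order
final SharedPreferences.Editor editor = prefs.edit();
for (int i = 0; i < databaseKeys.length; i++) {
    editor.putBoolean(databaseKeys[i], databaseDefaults[i]);
}
editor.apply();
```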
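Review bot: The pipeline on the `grep "\"apk\"" full.csv | awk '{ print $3 } ' ...` line writes whatever lands in awk's third whitespace-separated field straight into the signature database, with no check that it is a 64-digit hex SHA-256, and without `pipefail` a missing or truncated `full.csv` still produces an empty `.hsb` with a zero exit status. The field position also only holds if the first CSV column contains exactly one embedded space (as a `"YYYY-MM-DD HH:MM:SS"` timestamp would), which I cannot confirm from the diff; any row that breaks that assumption would ship to every user as a signature and could flag arbitrary files. I would add `set -euo pipefail` after the shebang and validate before formatting: `grep '"apk"' full.csv | awk '{ print $3 }' | sed 's/^"//; s/",$//' | grep -E '^[0-9a-f]{64}$' | sed 's/$/:0:MalwareBazaar/' > malware_bazaar.hsb`. Since MalwareBazaar is community-submitted, if the export exposes a detection-ratio column it may also be worth thresholding on it to limit false positives, but the column layout is not visible here.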