Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:00:28 UTC
Home > List all groups > List all tools > List all groups using tool DarthPusher
 Tool: DarthPusher
Names DarthPusher
Category Malware
Type Info stealer
Description
Among the security vulnerabilities spotted in the Xioami Mi4 is an adware program called
DarthPusher, which security experts say is used to deliver ads to the device. The actual adware
is named “Yt Service,” and the developer changed the package name to make it appear as if it
was developed by Google. Of course, DarthPusher was not developed by Google, nor does
Google have any stake in the program. But it’s found on the Xiaomi Mi4 nonetheless, and
users are forced to run it by default.
Information
Last change to this tool card: 02 July 2020
Download this tool card in JSON format
All groups using tool DarthPusher
Changed Name Country Observed
APT groups
 Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon 2010-Oct 2024
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1d06d645-c68d-4260-99a7-5e4dc5e5ede9
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1d06d645-c68d-4260-99a7-5e4dc5e5ede9
Page 1 of 1