{"id":16169,"date":"2019-08-26T12:10:06","date_gmt":"2019-08-26T20:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/08\/26\/news-9912\/"},"modified":"2019-08-26T12:10:06","modified_gmt":"2019-08-26T20:10:06","slug":"news-9912","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/08\/26\/news-9912\/","title":{"rendered":"Mobile Menace Monday: Android Trojan raises xHelper"},"content":{"rendered":"<p><strong>Credit to Author: Nathan Collier| Date: Mon, 26 Aug 2019 19:04:13 +0000<\/strong><\/p>\n<p>Back in May, we classified what we believed was just another generic <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/blog.malwarebytes.com\/detections\/android-trojan-dropper\/\" target=\"_blank\">Android\/Trojan.Dropper<\/a>, and moved on. We didn\u2019t give this particular mobile malware much thought until months later, when we started noticing it had climbed onto our top 10 list of most detected mobile malware.  <\/p>\n<p>Henceforth, we feel a piece of mobile malware with such a high number of detections prompts a proper name and classification. Therefore, we now call it Android\/Trojan.Dropper.xHelper. Furthermore, this prominent piece of malware deserves a closer look. Let\u2019s discuss the finer points of this not-so-helpful xHelper.<\/p>\n<h3>Package name stealer<\/h3>\n<p>The first noticeable characteristic of xHelper is the use of stolen package names. It isn\u2019t unusual for mobile malware to use the same package name of other legitimate apps. After all, the definition of a <a href=\"https:\/\/blog.malwarebytes.com\/threats\/trojans\/\">Trojan<\/a> as it relates to mobile malware is pretending to be a legitimate app. However, the package names this Trojan has chosen is unusual.<\/p>\n<p>To demonstrate, xHelper uses package names starting with &#8220;com.muf.&#8221; This package name is associated with a number of puzzle games found on Google Play, including a puzzle called New2048HD with the package name  <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.mufc.fireuvw\">com.mufc.fireuvw<\/a>. This simple game only had a little more than 10 installs at the time of this writing. Why this mobile malware is ripping off package names from such low-profile Android apps is a puzzle in itself. In contrast, most mobile Trojans rip off highly-popular package names.<\/p>\n<ul class=\"wp-block-gallery columns-3 is-cropped\">\n<li class=\"blocks-gallery-item\">\n<figure><img decoding=\"async\" data-attachment-id=\"40086\" data-permalink=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/attachment\/1a-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1a.png\" data-orig-size=\"1080,1920\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"1a\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1a-169x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1a-338x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1a-338x600.png\" alt=\"\" data-id=\"40086\" data-link=\"https:\/\/blog.malwarebytes.com\/?attachment_id=40086\" class=\"wp-image-40086\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1a-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1a-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1a.png 1080w\" sizes=\"(max-width: 338px) 100vw, 338px\" \/><\/figure>\n<\/li>\n<li class=\"blocks-gallery-item\">\n<figure><img decoding=\"async\" data-attachment-id=\"40087\" data-permalink=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/attachment\/1b\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1b.png\" data-orig-size=\"1080,1920\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"1b\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1b-169x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1b-338x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1b-338x600.png\" alt=\"\" data-id=\"40087\" data-link=\"https:\/\/blog.malwarebytes.com\/?attachment_id=40087\" class=\"wp-image-40087\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1b-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1b-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1b.png 1080w\" sizes=\"(max-width: 338px) 100vw, 338px\" \/><\/figure>\n<\/li>\n<li class=\"blocks-gallery-item\">\n<figure><img decoding=\"async\" data-attachment-id=\"40088\" data-permalink=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/attachment\/1c\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1c.png\" data-orig-size=\"1080,1920\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"1c\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1c-169x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1c-338x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1c-338x600.png\" alt=\"\" data-id=\"40088\" data-link=\"https:\/\/blog.malwarebytes.com\/?attachment_id=40088\" class=\"wp-image-40088\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1c-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1c-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/1c.png 1080w\" sizes=\"(max-width: 338px) 100vw, 338px\" \/><\/figure>\n<\/li>\n<\/ul>\n<h3>Full-stealth vs semi-stealth<\/h3>\n<p>xHelper comes in two variants: full-stealth and semi-stealth.\u00a0 The semi-stealth version is a bit more intriguing, so we&#8217;ll start with this one. On install, the behavior is as follows:<\/p>\n<ol>\n<li>Creates an icon in notifications titled \u201cxhelper\u201d <\/li>\n<li>Does not create an app icon or a shortcut icon<\/li>\n<li>After a couple of minutes, starts adding more icons to notifications: <em>[GameCenter] Free Game<\/em>\n<ol>\n<li>Press on either of these notifications, and it directs you to a website that allows you to play games directly via browser. <\/li>\n<li>These websites seem harmless, but surely the malware authors are collecting pay-for-click profit on each redirect.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<ul class=\"wp-block-gallery columns-3 is-cropped\">\n<li class=\"blocks-gallery-item\">\n<figure><img decoding=\"async\" data-attachment-id=\"40091\" data-permalink=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/attachment\/2a-3\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2a.png\" data-orig-size=\"1080,1920\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"2a\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2a-169x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2a-338x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2a-338x600.png\" alt=\"\" data-id=\"40091\" data-link=\"https:\/\/blog.malwarebytes.com\/?attachment_id=40091\" class=\"wp-image-40091\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2a-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2a-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2a.png 1080w\" sizes=\"(max-width: 338px) 100vw, 338px\" \/><\/figure>\n<\/li>\n<li class=\"blocks-gallery-item\">\n<figure><img decoding=\"async\" data-attachment-id=\"40092\" data-permalink=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/attachment\/2b-3\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2b.png\" data-orig-size=\"1080,1920\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"2b\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2b-169x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2b-338x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2b-338x600.png\" alt=\"\" data-id=\"40092\" data-link=\"https:\/\/blog.malwarebytes.com\/?attachment_id=40092\" class=\"wp-image-40092\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2b-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2b-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2b.png 1080w\" sizes=\"(max-width: 338px) 100vw, 338px\" \/><\/figure>\n<\/li>\n<li class=\"blocks-gallery-item\">\n<figure><img decoding=\"async\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/2d-3-338x600.png\" alt=\"\" data-id=\"40097\" data-link=\"https:\/\/blog.malwarebytes.com\/?attachment_id=40097\" class=\"wp-image-40097\"\/><\/figure>\n<\/li>\n<\/ul>\n<p>The full-stealth version also avoids creating an app icon or shortcut icon, but it hides almost all traces of its existence otherwise. There are no icons created in notifications. The only evidence of its presence is a simple <em>xhelper<\/em> listing in the app info section.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"40098\" data-permalink=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/attachment\/3-39\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/3.png\" data-orig-size=\"1080,1920\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"3\" data-image-description=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/3-169x300.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/3-338x600.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/3-338x600.png\" alt=\"\" class=\"wp-image-40098\" width=\"209\" height=\"371\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/3-338x600.png 338w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/3-169x300.png 169w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/3.png 1080w\" sizes=\"auto, (max-width: 209px) 100vw, 209px\" \/><\/figure>\n<\/div>\n<h3>Digging deeper into the dropper<\/h3>\n<p>Mobile Trojan droppers typically contain an APK within the original app that is dropped, or installed, onto the mobile device. The most common place these additional APKs are stored is within the Assets Directory.<\/p>\n<p>In this case, xHelper is not using an APK file stored in the Assets Directory.\u00a0 Instead, it\u2019s a file that claims to be a JAR file, usually with the filename of xhelperdata.jar or firehelper.jar. However, try to open this JAR file in a Java decompiler\/viewer, and you will receive an error. <\/p>\n<p>The error is the result of two reasons: First, it\u2019s actually a DEX file, which is a file that holds Android code unreadable to humans. To clarify, you would need to convert a DEX file to a JAR file to read it. Secondly, this file is encrypted.<\/p>\n<p>Considering that the hidden file is encrypted, we assume that the first step xHelper takes upon opening is decryption. After decryption, it then uses an Android tool known as <a rel=\"noreferrer noopener\" aria-label=\"dex2oat (opens in a new tab)\" href=\"https:\/\/source.android.com\/devices\/tech\/dalvik\/configure\" target=\"_blank\">dex2oat<\/a> that takes an APK file and generates compilation artifact files that the runtime loads. In other words, it loads or runs this hidden DEX file on the mobile device. This is clever workaround to simply installing another APK and obfuscates its true intentions.<\/p>\n<h3>What\u2019s in a DEX<\/h3>\n<p>Every variant of xHelper uses this same method of disguising an encrypted file and loading it at runtime onto a mobile device. In order to further analyze xHelper, we needed to grab a decrypted version of the file caught during runtime. In this case, we were able to do so by running xHelper on a mobile device. Once it finished loading, it was easy to export the DEX file from storage.\u00a0 <\/p>\n<p>However, even the decrypted version is an obfuscated tough nut to crack.\u00a0 In addition, each variant has slightly different code, making it difficult to pinpoint exactly what is the objective of the mobile malware.  <\/p>\n<p>Nevertheless, it&#8217;s my belief that its main function is to allow remote commands to be sent to the mobile device, aligning with its behavior of hiding in the background like a backdoor. Regardless of its true intentions, the clever attempt to obfuscate its dropper behavior is enough to classify this as a nasty threat.<\/p>\n<h3>High probability of infection<\/h3>\n<p>With xHelper being on our top 10 most detected list, there is a good chance Android users might come across it. Since we added the detection in mid-May 2019, it has been removed from nearly 33,000 mobile devices running <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/play.google.com\/store\/apps\/details?id=org.malwarebytes.antimalware\" target=\"_blank\">Malwarebytes for Android<\/a>. That number continues to rise by the hundreds daily.<\/p>\n<p>The big question: What is the source of infection that is making this Trojan so prominent? Obviously this type of traffic wouldn&#8217;t come from carelessly installing third-party apps alone. Further analysis shows that xHelper is being hosted on IP addresses in the United States. One was found in New York City, New York; and another in Dallas, Texas. Therefore, it\u2019s safe to say this is an attack targeting the United States.<\/p>\n<p>We can, for the most part, conclude that this mobile infection is being spread by web redirects, perhaps via the game websites mentioned above, which are hosted in the US as well, or other shady websites. <\/p>\n<p>If confirmed to be true, our theory highlights the need to be cautious of the mobile websites you visit. Also, if your web browser redirects you to another site, be extra cautious about click anything. In most cases, simply backing out of the website using the Android\u2019s back key will keep you safe.\u00a0 <\/p>\n<p>Stay safe out there!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/\">Mobile Menace Monday: Android Trojan raises xHelper<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Nathan Collier| Date: Mon, 26 Aug 2019 19:04:13 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/' title='Mobile Menace Monday: Android Trojan raises xHelper'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/08\/xhelper_featured_image_resized.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>Since its introduction in May 2019, the xHelper dropper, an Android Trojan, has climbed to our top 10 list of most detected mobile malware.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/android\/\" rel=\"category tag\">Android<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/android\/\" rel=\"tag\">Android<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/android-malware\/\" rel=\"tag\">android malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/android-trojan-dropper-xhelper\/\" rel=\"tag\">Android\/Trojan.Dropper.xHelper<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mobile-malware\/\" rel=\"tag\">mobile malware<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/mobile-menace-monday\/\" rel=\"tag\">mobile menace monday<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/xhelper\/\" rel=\"tag\">xHelper<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/' title='Mobile Menace Monday: Android Trojan raises xHelper'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/android\/2019\/08\/mobile-menace-monday-android-trojan-raises-xhelper\/\">Mobile Menace Monday: Android Trojan raises xHelper<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10462,11254,22741,11255,10555,22742],"class_list":["post-16169","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android","tag-android-malware","tag-android-trojan-dropper-xhelper","tag-mobile-malware","tag-mobile-menace-monday","tag-xhelper"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16169"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16169\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16169"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}