Friday, September 30, 2011

Jimm ICQ SMS-Trojan pushed by malicious QR codes


The Russian internet landscape is fertile ground not only for Windows malware but also for mobile malware. There are plenty of SMS trojan variants lurking on sites that offer their own 'versions' of popular software. A quick search for phone freeware turned up a bunch of Java and APK SMS senders and other questionable apps.
Here is one example: http://www.virustotal.com/file-scan/report.html?id=c8263e24046f2902e9c8639a89c2f3da5bbdba4055028b5cc9291143994726e5-1317426885
I will post all the harvested SMS senders in one post after this one.
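A quick offline triage of the kind these SMS-sender samples call for, as an added example (this is not code from the post, and not APKInspector or any vendor's tooling): hash the file so it can be matched against the MD5s listed on this page, confirm it really is an APK, and look for the SMS permissions in the compiled manifest. The sample APK is constructed in memory, so the script runs without any of the real samples; the string-pool search is a shortcut that avoids writing a full binary-XML parser and is an assumption about how the compiled manifest stores its strings.

```python
"""Offline triage of an Android package for SMS-sending capability.

Added example for this post; not from the page or any cited vendor.
The APK handed to triage_apk() below is constructed in memory so the
script runs stand-alone, without touching a real sample.
"""
import hashlib
import io
import zipfile

# Permissions an SMS trojan needs in its manifest. The compiled manifest
# (AXML) keeps strings in a pool encoded as UTF-16LE or UTF-8, so we search
# the raw bytes for both encodings instead of parsing the binary XML.
SMS_PERMISSIONS = (
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.WRITE_SMS",
)


def file_hashes(data: bytes) -> dict:
    """MD5 (the hash this dump lists) and SHA-256 (what VirusTotal keys on)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def found_permissions(manifest: bytes) -> list:
    """Return the SMS permissions present in the raw manifest bytes."""
    hits = []
    for perm in SMS_PERMISSIONS:
        if perm.encode("utf-8") in manifest or perm.encode("utf-16-le") in manifest:
            hits.append(perm)
    return hits


def triage_apk(data: bytes) -> dict:
    """Hash the file, list its zip entries and flag SMS permissions.

    Nothing is installed or executed; a non-zip input yields is_apk=False.
    """
    report = {"hashes": file_hashes(data), "entries": [],
              "sms_permissions": [], "is_apk": False}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            report["entries"] = zf.namelist()
            if "AndroidManifest.xml" in report["entries"] and "classes.dex" in report["entries"]:
                report["is_apk"] = True
                report["sms_permissions"] = found_permissions(zf.read("AndroidManifest.xml"))
    except zipfile.BadZipFile:
        pass
    return report


def build_fake_apk(permissions, utf16=True) -> bytes:
    """Constructed test input: a zip shaped like an APK whose stand-in
    manifest carries the given permission strings in its string pool."""
    enc = "utf-16-le" if utf16 else "utf-8"
    manifest = b"\x03\x00\x08\x00" + b"".join(p.encode(enc) + b"\x00\x00" for p in permissions)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_fake_apk(["android.permission.SEND_SMS", "android.permission.INTERNET"])
    r = triage_apk(sample)
    print(r["hashes"]["md5"], r["is_apk"], r["sms_permissions"])
```

SEND_SMS on its own is not proof of a trojan (legitimate messaging apps ask for it too), so treat a hit as a reason to look at the premium-number strings and the code that calls the SMS manager, not as a verdict. For a real sample, replace the constructed bytes with the file read from the password-protected archive and compare the MD5 against the value listed in the post before spending time on it.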


Name:                    Jimm ICQ for Android and other phones (jar)
File Name:             jimm.apk
MD5:                     37A46AEC9AA86831FAA3DDB6B05A05F8
File Name:             jimm2s.jar
MD5:                     B409DB1963DE4287FEB542377B0FE3A1
Sample Credits:     many thanks to anonymous, Sept 30, 2011
Research:              Malicious QR Codes Pushing Android Malware by Denis - Kaspersky Lab



Download  (pass infected)





Ikee iPhone worm


Adding IkeeD to the IkeeB sample we already had. See both below.


Name:                   Ikee
File Name:            Duh - iKeeB
                            poc-bbot - IkeeD
MD5:                    2a73926229457a3ec9611ec53a2e2249 - iKeeB
                            24663299e69db8bfce2094c15dfd2325 - IkeeD
Sample Credits:     many thanks to Alberto Ortega, Sept 30, 2011
Research:             An Analysis of the iKee.B (Duh) iPhone Botnet - Phillip Porras, Hassen Saidi, and Vinod Yegneswaran, SRI
                            Microsoft, June 2010: Backdoor:iPhoneOS/Ikee.D

Download iKeeB and iKeeD (pass infected)



Thursday, September 29, 2011

Gone in 60 seconds - Android spyware


Name:                    Gone in 60 seconds
File Name:             com.gone60-1.apk
                               com.gone602-1.apk
                               com.gone603-1.apk
                               com.gone604-1.apk
                               com.gone605-1.apk
MD5:                     859CC9082B8475FE6102CD03D1DF10E5
                               8D4018A73A35E079ABA1D0FD8A06E522
                               CB236442CF93A47BC15E3F312F097992
                               F259DEAAB9A14ECD4AA4107BE9BDA6FD
                               B99BA24A35C7A49E65D41FFC6B1282BE
Sample Credits:     many thanks to Jason Ross, Sept 29, 2011
Research:              All data stored on your smartphone ….. gone in 60 seconds - Vlad Constantin ILIE, BitDefender Malware Researcher




Download  (pass infected)




Thursday, September 22, 2011

DroidDreamLight - new variant found in a China-based third-party app


Name:                    DroidDreamLight
File Name:            
com.button.phone_91595200_0.apk
MD5:                    
3D9472D792019E40605ABFA9CB22FBA5
Sample Credits:   many thanks to anonymous, Sept 22, 2011
Research:            
Sep 16: Massive Code Change for New DroidDreamLight Variant - Trend Micro
found in this Android store



Download (pass infected)





Wednesday, September 14, 2011

Spyeye for Android


Name:                    Spyeye for Android
File Name:             spitmo_cfa9edb8c9648ae2757a85e6066f6515_simseg.apk
MD5:                      cfa9edb8c9648ae2757a85e6066f6515
Sample Credits:     many thanks to evilcry, September 14, 2011
Research:              First SpyEye Attack on Android Mobile


Download  (pass infected)





Saturday, September 3, 2011

See you soon


I will be away until Sept 17. If you would like to share a mobile
malware sample, please email it to me or, if you can, use the upload box
(this way it becomes accessible to others via this link).



DroidDeluxe - root exploit


Name:                    DroidDeluxe - root exploit
File Name:             DroidDeluxe.rar (apk components inside)
MD5:                     
bbb6f9a1aad8cc8c38d4441bac4852c0
Sample Credits:     Roberto Rogunix rogunix.com
Research:             
Security Alert: New Root-Capable DroidDeluxe Malware Found in Alternative Android Markets
Attribution note: many German file names :)


Download  (pass infected)




Monday, August 29, 2011

Wednesday, August 24, 2011

APKInspector

APKInspector is a GUI tool for analysts to analyze Android applications. Some modules of APKInspector are based on Androguard, http://code.google.com/p/androguard/.

APKinspector Installation Guide

Friday, August 19, 2011

DogoWar / Dog Wars - SMS Trojan, courtesy of Animal Rights defenders


Name:                    AndroidDogowar.apk
File Name:            
AndroidDogowar.apk
MD5:                     
16521eee3e74a4186ffe731dfaa77a83
Sample Credits:     many thanks to anonymous, August 19, 2011
Research:             
Animal Rights protesters use mobile means for their message - Symantec


Download  (pass infected)




Thursday, August 11, 2011

Wednesday, August 3, 2011

Lovetrap - SMS-Trojan


Name:                    Lovetrap-apk
File Name:            
Lovetrap-apk
MD5:                    
f3497516eab17c642c5ede5ad1e55a15
Sample Credits:     many thanks to anonymous, Aug 3, 2011
Research:             
Android.Lovetrap - Symantec Security


Download  (pass infected)




Wednesday, July 20, 2011

GGTracker - SMS Trojan


Name:                    GGTracker
File Name:             com.space.sexypic.apk
MD5:                     156fdce65eb6e4287aed687a1c9c2589
Sample Credits:     thanks to Tim Strazzere, Lookout Mobile Security, July 20, 2011

Name:                    GGTracker
File Name:             batterysaver.apk / t4t.power.management.apk
MD5:                     41080c6169d3e5843c0c0e4abef80e7e
Sample Credits:     thanks to Tim Strazzere, Lookout Mobile Security, July 20, 2011
Research:              GGTracker Technical Tear Down - Tim Strazzere, Lookout Mobile Security
                               Security Alert: Android Trojan GGTracker Charges Premium Rate SMS Messages - Lookout Mobile Security


Download com.space.sexypic.apk (pass infected)
Download batterysaver.apk / t4t.power.management.apk (pass infected)



Wednesday, July 13, 2011

HippoSMS - SMS Trojan

Name:                    HippoSMS
File Name:             hippo.apk
MD5:                     f9bfec4403b573581c4d3807fb1bb3d2
Sample Credits:     thanks to anonymous, July 13, 2011
Research:             
Security Alert: New Android Malware -- HippoSMS -- Found in Alternative Android Markets


Download  (pass infected)



Tuesday, July 12, 2011

HTC.apk - fake security patch


Name:                   HTC fake patch
File Name:             htc.apk
MD5:                    4c8f01db58987c2c3321cdbbb1a2e67a
Sample Credits:    many thanks to William Hill, CPU Media | Kinetoo.com, July 12, 2011
Research:              CPU Media | Kinetoo.com: Android mobile malware scan, July 12, 2011
HTC.apk is a fake security patch found circulating among Chinese users. It is a phishing attack disguised to look like a security patch from China Mobile. The malicious site is 1OO86.net (spelled with the letters O), a look-alike of 10086.net, the legitimate China Mobile site.

Download  (pass infected)
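The 1OO86.net lure works because letters and digits look alike on a phone screen. The check below is an added example, not part of the original post: it collapses confusable characters before comparing a domain against a list of legitimate ones, and also flags single-edit variants. The confusable map and the legitimate-domain list are hand-picked assumptions for the demonstration.

```python
"""Look-alike domain check for lures such as 1OO86.net vs 10086.net.

Added example, not from the original post. CONFUSABLES is a minimal,
hand-picked map; the list of legitimate domains is an assumption.
"""
import unicodedata

# Characters that read as another in an address bar. Keys are lowercase
# because skeleton() lowercases the domain before mapping.
CONFUSABLES = {
    "o": "0",
    "l": "1",
    "i": "1",
    "s": "5",
    "b": "6",
    "z": "2",
    "g": "9",
}


def skeleton(domain: str) -> str:
    """Normalize a domain so that look-alikes collapse to the same string."""
    d = unicodedata.normalize("NFKC", domain.strip().rstrip(".")).lower()
    d = d.replace("rn", "m")  # two letters that render like one
    return "".join(CONFUSABLES.get(c, c) for c in d)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one edit (e.g. a doubled digit) is a typosquat signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(candidate: str, legitimate):
    """Return (legit_domain, reason) if candidate impersonates one of the
    legitimate domains, or None if it is either genuine or unrelated."""
    sk = skeleton(candidate)
    for legit in legitimate:
        lsk = skeleton(legit)
        if sk == lsk and candidate.lower().rstrip(".") != legit.lower():
            return legit, "confusable characters"
        if levenshtein(sk, lsk) == 1:
            return legit, "one edit away"
    return None


if __name__ == "__main__":
    # Constructed inputs: the domain from the post and a legitimate list.
    legit_domains = ["10086.net"]
    for host in ["1OO86.net", "10086.net", "100866.net", "example.org"]:
        print(host, "->", lookalike_of(host, legit_domains))
```

This catches the character swap in the post and simple typosquats, but not a legitimate name used as a subdomain of an attacker's domain (10086.net.attacker.example) or a different TLD; those need a check on the registered domain and are left out here.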



Monday, July 11, 2011

New CONTAGIOminiDUMP

Please welcome the new section of Contagio: CONTAGIOminiDUMP.BLOGSPOT.COM.
The old mobile malware Mini-dump (aka "Take a sample, leave a sample") grew too large and difficult to use. This section will allow better organization of all the mobile malware. There are not that many samples yet, but the collection is steadily growing.

This is a work in progress, so please send or post your comments regarding the design, hosting, organization and such.

Many thanks to Tim Strazzere for catalyzing the upgrade :)

 ~ Mila

Friday, July 8, 2011

Take a sample, leave a sample. Mobile malware mini-dump - July 8 Update

THE ORIGINAL POST (I am in the process of breaking it out and organizing it like you see in the posts below)


Download

Download files from the mobile malware mini-dump (use "infected" for the password).

Current list (~50+ downloads = around 200 individual files as of June, 2011). Hyperlinks lead to VirusTotal.
Download from the dump link above or click on the "download" link if present.
  1. Zitmo Android Edition (Zeus for mobile) - ecbbce17053d6eaf9bf9cb7c71d0af8d - Download (thanks to anonymous, July 8, 2011). Read more: Zitmo hits Android - Axelle Apvrille, Fortinet
  2. GoldDream.A - BloodvsZombie_com.gamelio.DrawSlasher_1_1.0.1.apk - b87f2f3a927bf967736ed43ca2dbfb60 (many thanks for the sample to oren@avg-mobilation, July 6, 2011) - Download. Read more: Security Alert: New Android Malware -- GoldDream -- Found in Alternative App Markets - Xuxian Jiang
  3. GoldDream.B - v1.0_com.GoldDream.pg_1_1.0.apk - f66ee5b8625192d0c17c0736d208b0b (many thanks for the sample to oren@avg-mobilation, July 6, 2011) - Download. Read more: Security Alert: New Android Malware -- GoldDream -- Found in Alternative App Markets - Xuxian Jiang
  4. DroidKungFu2-A - _com.allen.txthej_1_1.0 - F438ED38B59F772E03EB2CAB97FC7685 (many thanks for the sample to oren@avg-mobilation, July 3, 2011) - Download. Read more: Security Alert: New DroidKungFu Variants Found in Alternative Chinese Android Markets

Zitmo Android Edition (Zeus for mobile)

MD5:        ecbbce17053d6eaf9bf9cb7c71d0af8d
Credits:     thanks to anonymous, July 8, 2011
Research links: Zitmo hits Android - Axelle Apvrille, Fortinet



Download  (pass infected)



Wednesday, July 6, 2011

GoldDream


Name:          GoldDream.A
File Name:    BloodvsZombie_com.gamelio.DrawSlasher_1_1.0.1.apk
MD5:            b87f2f3a927bf967736ed43ca2dbfb60

Name:          GoldDream.B
File Name:    v1.0_com.GoldDream.pg_1_1.0.apk
MD5:            f66ee5b8625192d0c17c0736d208b0b (as posted; this is 31 hex characters, one short of a full MD5, so recompute the hash from the downloaded file before relying on it)
Research:      Security Alert: New Android Malware -- GoldDream -- Found in Alternative App Markets - Xuxian Jiang
Sample credits: many thanks for the sample to oren@avg-mobilation, July 6, 2011


Download GoldDream.A
Download GoldDream.B