Monday, February 27, 2012

Android FakeAngry - Chinese backdoor


File: fake angry.apk
MD5:  394dc498f9ee2e61fb1959bebe1da2b4
Sample Credits:   with many thanks to Sanjay, February 27, 2012
Research:       
From China with Love: New Android Backdoor Spreading through Hacked Apps By Bogdan Botezatu



Download  - password infected 





Sunday, February 26, 2012

Android.Steek - back from the dead


File: appinventor.ai_joopdamen91.dont_thouch_lite.apk
MD5:  B9430D8CC42230938A353A4B3E4C92F3

File: appinventor.ai_rathiisarun.Ipad2App.apk
MD5:  92c76500a5126f11e392305424771fac

File: appinventor.ai_rathiisarun.XrayScanner.apk
MD5:  3e0ff9d85577e7aab8c3ab0771a87eb5

Sample Credits:     
with many thanks to Munaim Ramzan, February 24, 2012
Research:              
Appriva: Fraudulent Apps back from the dead by Haroon Malik

P.S. Some say this is not Android Steek

 Download all files - password infected



Saturday, February 11, 2012

Android Malware FakeTimer (via #OJCP)

ANALYSIS: #OCJP-010: 14243444.com bananaxxx.maido3.com(206.223.148.230)

hxxp://www.14243444.com/appli02.php
hxxp://14243444.com/appli02.php
hxxp://206.223.148.230/~pj629g01/appli02.php
hxxp://banana8310.maido3.com/~pj629g01/appli02.php
hxxp://banana3247.maido3.com/~pj629g01/appli02.php
 

File: sp_ntm.apk
Size: 80060
MD5:  44D31414A63A090E5A54670C33E0D1BC

Virustotal

File: sp_mtm.apk
Size: 79930
MD5:  C9C7AE465D712EB79976B34B0F76F1DB

Update Feb. 19.
File: sp_k_test.apk
Size: 80119
MD5:  079B92DF0DA0E57C3DFCD5B8D0D2C82C
Virustotal

Update Feb. 15. 
File: sp_k_test.apk
Size: 79973
MD5:  2B609E4ACFEBBEE57ECF6DDBFD8202D2
https://www.virustotal.com/file/8d9f6939db8f9b54e062403915174431008aa6c87a1803ff9faed072bb7620ee/analysis/

File: sp_btm.apk
Size: 79935
MD5:  CF9BA4996531D40402EFE268C7EFDA91


Virustotal 

Monday, February 6, 2012

Fake SuiConFo.apk - Foncy - Android Trojan SMS

Update: February 6, 2012
File: 56033daef6a020d8e64729acb103f818
Name: FoncySMS
MD5:  56033DAEF6A020D8E64729ACB103F818
Sample Credit:  S.Guerrero February 5, 2012
Research: The Butterfly Effect of a Boundary Check by Sergei Shevchenko



Download - Password infected


Download extracted files

  • /data/data/com.android.bot/files/header01.png (ELF executable).
  • /data/data/com.android.bot/files/footer01.png (ELF executable).
  • /data/data/com.android.bot/files/border01.png (Android app - an APK File).





==========================================================================
Name:                    SuiConFo.apk
MD5:                     1a3fb120e5a4bd51cb999a43e2d06d88
Sample Credits:     many thanks to Ian French, December 8, 2011
Research:           Kaspersky: SMS Trojans: all around the world



Download  - password infected



Friday, February 3, 2012

Android Rootsmart malware utilizing Gingerbreak Root exploit


File:                        com.google.android.smart.apk
MD5:                     F70664BB0D45665E79BA9113C5E4D0F4
Sample Credits:   with many thanks to Sanjay and anonymous, February 3, 2012
Research:          
Security Alert: New RootSmart Android Malware Utilizes the GingerBreak Root Exploit  


Download  - password infected 





Thursday, February 2, 2012

Android VoiceChanger - Israel Premium dialer


File:                        com.VoiceChange.VoiceChangeIL-1.4.apk
MD5:                     5e50470e09f83036a91d0a5e528cb01a
Sample Credits:   with many thanks to Sanjay, February 2, 2012
Research:           
Voice changer or voice charger? by Elad Shapira - AVG



Download  - password infected 





Friday, January 27, 2012

Android Counterclank


Name:                   Counterclank
MD5:                    3d8e1108999dc35c5b5202985547a25f
Sample Credits:   with many thanks to Sanjay, January 27, 2012
Research:           

Appriva: Google Android Market is infected from new Plankton (Apperhand) variant
Symantec.Android.Counterclank

Additional samples - thanks to Tim "timv"

File: com.christmasgame.balloon.apk
MD5:  c9a2e226cd001a3a4fab1046a10ae50d

File: com.christmasgame.deal.apk
MD5:  937c84956f6b23c98649fb658138ef93

File: com.christmasgame.wildjump.apk
MD5:  bbb02e438d7eaea9e9c4dd013899410c

File: com.redmicapps.puzzles.ladies2.apk
MD5:  95bcbe87750cc5dc2c2d2b02505effee

File: com.redmicapps.puzzles.ladies3.apk
MD5:  3d8e1108999dc35c5b5202985547a25f



Download  - password infected 

Download additional samples - password infected

Tuesday, January 10, 2012

Android Steek - Fraudulent apps



Name:                   Steek
MD5                                File
C4532D66DF9399D603D48716A3F05BF8   appinventor.ai_T10D78.BattlefieldBadCompany2-1-1.1.apk
0DE5C01C9E66BE313970CC3AF017F188   appinventor.ai_T10D78.BloonsTD4-1-1.2.apk
98EB1F31945F4CD97088CF9FBC49D03B   appinventor.ai_T10D78.CallOfDutyZombies-1-1.3.apk
D62B2137083CF1D626C096A3A51815FD   appinventor.ai_T10D78.FIFA12-1-1.4.apk
A879EF0F3DAA3B66EAF9A713559170BA   appinventor.ai_T10D78.GangstarRioCityofSaints-1-1.5.apk
BCB3026536783BC774A05D93BC2F6039   appinventor.ai_T10D78.GangstarWestCoastHustle-1-1.6.apk
5361E076F1744C43DD65CDA00BB89CC5   appinventor.ai_T10D78.GlobalWarRiot-1-1.7.apk
C69D0D8B86BF3946CCBC011767B06919   appinventor.ai_T10D78.JetpackJoyride-1-1.1.apk
6606E8ADAD40E3C5B0B8C347A38EB86B   appinventor.ai_T10D78.MaddenNFL12-1-1.2.apk
2FE8FBF43C1025327E78DA83D0C31BF2   appinventor.ai_T10D78.NinJumpDeluxe-1-1.3.apk
A14790B98C0352D81E1B70DB8A046AEC   appinventor.ai_T10D78.RopenFly-1-1.4.apk
1407CD7C568576115204697FDBBDFA43   appinventor.ai_T10D78.TouchGrind-1-1.5.apk
FF28B758F18030C14402E100DBB6987E   appinventor.ai_T10D78.WorldOfGoo-1-1.6.apk
1A4ED1CA65321659B139F9CBA9C9CAB4   appinventor.ai_T10D78.ZombieHighway-1-1.7.apk

Sample Credits:   with many thanks to anonymous January 12, 2012
Research:           
More fraudware headaches for the Android Marketplace 



Download  - password infected 



Friday, January 6, 2012

Large collection of Symbian malware (457 items)

Name:                   Symbian malware (not new but useful for research)
 
Sample Credits:   with special thanks to Oscar Marques mobilemalware.com.br , January 6, 2012
 

 List of files below   


Download  - password infected 



Scavir -- Russian Android SMS / Fraud trojan


Name:                   Scavir
MD5:                    d20cb0bb5d87bfc8394bda0d8964d663
Sample Credits:   with many thanks to Droopy, January 6, 2012
Research:            
Kaspersky Android malware: new traps for users by Denis


Download  - password infected 



Nickispy.B - Android Spyware

Classics:
Name:                   Nickispy.B
MD5:                    83A98EABF044826622DB7C211764CDF4
Sample Credits:   with many thanks to Droopy, January 6, 2012
Research:           
Virus Profile: Android/NickiSpy.A 8/4/2011




Download  - password infected


Saturday, December 24, 2011

Arspam AlSalah - Android malware (Middle East Hacktivism - spammer)


Name:                    Arspam AlSalah.apk
MD5:                     E7584031896CB9485D487C355BA5E545
Sample Credits:    with many thanks to Sanjay Gupta and his friends for sharing, December 24, 2011
Research:          
Symantec: Android.Arspam
Hacktivism goes mobile with Android.Arspam by Stilgherrian



Download  - password infected






Russian Android malware - fake installer


Name:                    com.android.installer.full
MD5:                     F056EE7F8D4931C905157EBD2CC4A795
Sample Credits:     many thanks to Shane Hartman, December 22, 2011

  Download  - password infected



Tuesday, December 20, 2011

CarrierIQ


Name:   CarrierIQ
Sample credit with many thanks to S.Guerrero, Ryan Johnson, Jojo Edmonds and other kind folks from mobile malware google group for sharing
Information: Carrier IQ: What it is, what it isn't, and what you need to know By Zachary Lutz


List of files - see below


Download all samples  (pass infected)






Friday, November 11, 2011

FakeSMSInstaller_Geared_1.0.2 + Collection of Russian malware and links to malware resources


Name:                   FakeSMSInstaller_Geared_1.0.2
MD5:                   
1EFA9D22D9142D73596B17228F37998A
Sample Credits:     many thanks to William Hill, CPU Media, November 11, 2011
Research:            
AVG Mobilation Malware information: Android SMS Fake installer from 3rd party Russian app stores

Name:                   Russian Malware Collection
MD5:                   See the list of files below
Research           
Last month I uploaded a collection of the same as above and similar Russian mobile malware together with corresponding links to Russian alternative (often fake) Android markets where you can find more samples.  You can download it from here: RuMarketsMalwarefromMila.zip  See below for the list of malware included



Download FakeSMSInstaller_Geared_1.0.2- password infected
Download  RuMarketsMalwarefromMila.zip


Sunday, October 23, 2011

RogueSPPush - SMS-Trojan


Name:                 RogueSPPush
File Name:          1314935990854.apk
MD5:                  56CD8AC9ADFC0E38496939385AA510FA
Research:           New Rogue Android App -- RogueSPPush -- Found in Alternative Android Markets By Xuxian Jiang -Aug 2011
Sample Credits:    with many thanks to MasterMRZ, October 23, 2011







Legacy Native (LeNa) - DroidKungFu variant


Name:                   Legacy Native (LeNa)
MD5:                     com.safesys.myvpn.apk 1F5628300EF2A477E39E226FEE73CE51
MD5:                     com.safesys.onekeyvpn.apk EC056818D38D18CB940A64BF89714DF2
Sample Credits:     many thanks to Armando, October 21, 2011
Research:               Lookout
Security Alert: Legacy Makes Another Appearance, Meet Legacy Native (LeNa)   By Tim Strazzere



Download both samples - password infected

Saturday, October 22, 2011

Collection of 96 mobile malware samples for Kmin, Basebridge, Geinimi, Root exploits, and PJApps


All files are sorted by type in folders and named by MD5. The list of files is below. I posted examples of what you will find in the previous 20 posts. Enjoy.

Download Android-Malware_SortedTYPE-MD5.zip (password infected)
 
MALWARE TYPE (number of samples)
BASEBRIDGE (3)
YZHC (2)
ROOT EXPLOIT (7)
PJAPPS (16)
GEINIMI (28)
KMIN (40)


Sample credit: Thanks to anonymous, Oct. 22, 2011

Root Exploit - Z4Mod Root


Name:                Z4mod
MD5:                 30587d7e5ac828f8b1eaf476d4b19bd2
Sample Credits:     many thanks to a very generous anonymous donation, October 21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011



Geinimi - OPDA CacheMate v2.5.9


Name:                Geinimi - OPDA CacheMate v2.5.9
MD5:                 8b12ccdc8a69cf2d6a7e6c00f698aaa6
Sample Credits:     many thanks to a very generous anonymous donation, October 21, 2011
 

Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011