Android.Stiniter / TGLoader (malware utilizing Root exploit)

File:                 android.dds.com-STiNiTER.apk
MD5:     E9AA097C6E87690F938BE8C75EF91C27
Sample Credits:   with many thanks to Tim Strazzere, March 27, 2012
Research:   Original Detection Symantec Android.Stiniter
Research:  Security Alert: New TGLoader Android Malware Utilizes the Exploid Root Exploit

Download  - password infected

Contents of capture-site.com Android malware development/distribution site #OCJP by 0Day.jp

ANALYSIS:   #26 Exposing the Android Fraud #Malware Development Site
 Contents of capture-site.com Android malware distribution site by Hendrik Adrian
 


Download (pass infected)

Android FakeToken

File: Android Faketoken
MD5: zip file with the components, not the original apk
 Sample Credits:   with many thanks to anonymous, March 15, 2012
Research:   Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan by Carlos Castillo

Download  - password infected

Android Opfake aka FakeSMSInstaller

File:  opfake
Sample Credits:   with many thanks to  anonymous, March 12, 2012
Research:   Android.Opfake.B Adopts Bot Tactics

Download  - password infected 

Android.Moghava: A Recipe for Mayhem

File: carddeemamaAndroid.apk or irfoods 1.1.apk
MD5:  ec86f084ea0e0d0a33d5f39df19bd7be
Sample Credits:   with many thanks to Sanjay and to anonymous, March 1, 2012
Research:     Symantec Android.Moghava: A Recipe for Mayhem by  Irfan Asrar

Download  - password infected 

Android FakeAngry - Chinese backdoor

File: fake angry.apk
MD5:  394dc498f9ee2e61fb1959bebe1da2b4
Sample Credits:   with many thanks to Sanjay , February 27, 2012
Research:        From China with Love: New Android Backdoor Spreading through Hacked Apps By Bogdan Botezatu

Download  - password infected 

Android.Steek - back from the dead

File: appinventor.ai_joopdamen91.dont_thouch_lite.apk
MD5:  B9430D8CC42230938A353A4B3E4C92F3

File: appinventor.ai_rathiisarun.Ipad2App.apk
MD5:  92c76500a5126f11e392305424771fac

File: appinventor.ai_rathiisarun.XrayScanner.apk
MD5:  3e0ff9d85577e7aab8c3ab0771a87eb5

Sample Credits:      with many thanks to Munaim Ramzan, February 24, 2012
Research:               Appriva: Fraudulent Apps back form the dead by Haroon Malik
P.S. Some say this is not Android Steek

 Download all files - password infected

Android Malware FakeTimer (via #OJCP)

ANALYSIS: #OCJP-010： 14243444.com bananaxxx.maido3.com（206.223.148.230）

hxxp://www.14243444.com/appli02.php
hxxp://14243444.com/appli02.php
hxxp://206.223.148.230/~pj629g01/appli02.php
hxxp://banana8310.maido3.com/~pj629g01/appli02.php
hxxp://banana3247.maido3.com/~pj629g01/appli02.php

File: sp_ntm.apk
Size: 80060
MD5:  44D31414A63A090E5A54670C33E0D1BC

Virustotal

File: sp_mtm.apk
Size: 79930
MD5:  C9C7AE465D712EB79976B34B0F76F1DB

Update Feb. 19.

File: sp_k_test.apk
Size: 80119
MD5:  079B92DF0DA0E57C3DFCD5B8D0D2C82C
Virustotal

Update Feb. 15. 

File: sp_k_test.apk
Size: 79973
MD5:  2B609E4ACFEBBEE57ECF6DDBFD8202D2
https://www.virustotal.com/file/8d9f6939db8f9b54e062403915174431008aa6c87a1803ff9faed072bb7620ee/analysis/

File: sp_btm.apk
Size: 79935
MD5:  CF9BA4996531D40402EFE268C7EFDA91

https://www.virustotal.com/file/eaaadaf6d51487057fb2709cabfca742cf84b97dc5583d3c280175c8ee2d23a2/analysis/1329127575/

Virustotal 

Download 44D31414A63A090E5A54670C33E0D1BC (pass infected)
Download C9C7AE465D712EB79976B34B0F76F1DB  (pass infected) 
Download CF9BA4996531D40402EFE268C7EFDA91 (pass infected) 
Download 2B609E4ACFEBBEE57ECF6DDBFD8202D2 (pass infected)
Download 079B92DF0DA0E57C3DFCD5B8D0D2C82C (password infected)

Fake SuiConFo.apk - Foncy - Android Trojan SMS

Update: February 6, 2012
File: 56033daef6a020d8e64729acb103f818
Name: FoncySMS
MD5:  56033DAEF6A020D8E64729ACB103F818
Sample Credit:  S.Guerrero February 5, 2012
Research: The Butterfly Effect of a Boundary Check by Sergei Shevchenko



Download - Password infected


Download extracted files

• /data/data/com.android.bot/files/header01.png (ELF executable).
• /data/data/com.android.bot/files/footer01.png (ELF executable).
• /data/data/com.android.bot/files/border01.png (Android app - an APK File).

==========================================================================
Name:                    SuiConFo.apk
MD5:                     1a3fb120e5a4bd51cb999a43e2d06d88
Sample Credits:     many thanks to Ian French, December 8, 2011
Research:           Kaspersky: SMS Trojans: all around the world

Download  - password infected

Android Rootsmart malware utilizing Gingerbreak Root exploit

File:                        com.google.android.smart.apk
MD5:                     F70664BB0D45665E79BA9113C5E4D0F4
Sample Credits:   with many thanks to Sanjay and anonymous, February 3, 2012
Research:           Security Alert: New RootSmart Android Malware Utilizes the GingerBreak Root Exploit  

Download  - password infected 

Android VoiceChanger - Israel Premium dialer

File:                        com.VoiceChange.VoiceChangeIL-1.4.apk
MD5:                     5e50470e09f83036a91d0a5e528cb01a
Sample Credits:   with many thanks to Sanjay, February 2, 2012
Research:            Voice changer or voice charger? by by Elad Shapira  - AVG

Download  - password infected 

Android Counterclank

Name:                   Counterclank
MD5:                    3d8e1108999dc35c5b5202985547a25f
Sample Credits:   with many thanks to Sanjay, January 27, 2012
Research:           
Appriva: Google Android Market is infected from new Plankton (Apperhand) variant
Symantec.Android.Counterclank

Additional samples - thanks to Tim "timv"

File: com.christmasgame.balloon.apk
MD5:  c9a2e226cd001a3a4fab1046a10ae50d

File: com.christmasgame.deal.apk
MD5:  937c84956f6b23c98649fb658138ef93

File: com.christmasgame.wildjump.apk
MD5:  bbb02e438d7eaea9e9c4dd013899410c

File: com.redmicapps.puzzles.ladies2.apk
MD5:  95bcbe87750cc5dc2c2d2b02505effee

File: com.redmicapps.puzzles.ladies3.apk
MD5:  3d8e1108999dc35c5b5202985547a25f

Download  - password infected 

Download additional samples - password infected

Android Steek - Fraudulent apps

Name:                   Steek
MD5:      
C4532D66DF9399D603D48716A3F05BF8   appinventor.ai_T10D78.BattlefieldBadCompany2-1-1.1.apk
0DE5C01C9E66BE313970CC3AF017F188    appinventor.ai_T10D78.BloonsTD4-1-1.2.apk
98EB1F31945F4CD97088CF9FBC49D03B    appinventor.ai_T10D78.CallOfDutyZombies-1-1.3.apk
D62B2137083CF1D626C096A3A51815FD    appinventor.ai_T10D78.FIFA12-1-1.4.apk
A879EF0F3DAA3B66EAF9A713559170BA    appinventor.ai_T10D78.GangstarRioCityofSaints-1-1.5.apk
BCB3026536783BC774A05D93BC2F6039   appinventor.ai_T10D78.GangstarWestCoastHustle-1-1.6.apk
5361E076F1744C43DD65CDA00BB89CC5   appinventor.ai_T10D78.GlobalWarRiot-1-1.7.apk
C69D0D8B86BF3946CCBC011767B06919   appinventor.ai_T10D78.JetpackJoyride-1-1.1.apk
6606E8ADAD40E3C5B0B8C347A38EB86B    appinventor.ai_T10D78.MaddenNFL12-1-1.2.apk
2FE8FBF43C1025327E78DA83D0C31BF2   appinventor.ai_T10D78.NinJumpDeluxe-1-1.3.apk
A14790B98C0352D81E1B70DB8A046AEC   appinventor.ai_T10D78.RopenFly-1-1.4.apk
1407CD7C568576115204697FDBBDFA43   appinventor.ai_T10D78.TouchGrind-1-1.5.apk
 FF28B758F18030C14402E100DBB6987E    appinventor.ai_T10D78.WorldOfGoo-1-1.6.apk
1A4ED1CA65321659B139F9CBA9C9CAB4   appinventor.ai_T10D78.ZombieHighway-1-1.7.apk
           
Sample Credits:   with many thanks to anonymous January 12, 2012
Research:            More fraudware headaches for the Android Marketplace 

Download  - password infected 

Large collection of Symbian malware (457 items)

Name:                   Symbian malware (not new but useful for research)
 
Sample Credits:   with special thanks to Oscar Marques mobilemalware.com.br , January 6, 2012
 
 List of files below   

Download  - password infected 

Scavir -- Russian Android SMS / Fraud trojan

Name:                   Scavir
MD5:                    d20cb0bb5d87bfc8394bda0d8964d663
Sample Credits:   with many thanks to Droopy, January 6, 2012
Research:             Kaspersky Android malware: new traps for users by Denis

Download  - password infected 

Nickispy.B - Android Spyware

Classics:
Name:                   Nickispy.B
MD5:                    83A98EABF044826622DB7C211764CDF4
Sample Credits:   with many thanks to Droopy, January 6, 2012
Research:            Virus Profile: Android/NickiSpy.A 8/4/2011

Download  - password infected

Arspam AlSalah - Android malware (Middle East Hactivism - spammer)

Name:                    Arspam AlSalah.apk
MD5:                     E7584031896CB9485D487C355BA5E545
Sample Credits:    with many thanks to Sanjay Gupta and his friends for sharing, December 24, 2011
Research:           Symantec: Android.Arspam
Hactivism goes mobile with Android.Arspam by Stilgherrian

Download  - password infected

Russian Android malware - fake installer

Name:                    com.android.installer.full
MD5:                     F056EE7F8D4931C905157EBD2CC4A795
Sample Credits:     many thanks to Shane Hartman, December 22, 2011

  Download  - password infected

CarrerIQ

Name:   CarrierIQ
Sample credit with many thanks to S.Guerrero, Ryan Johnson, Jojo Edmonds and other kind folks from mobile malware google group for sharing
Information: Carrier IQ: What it is, what it isn't, and what you need to know By Zachary Lutz


List of files - see below


Download all samples  (pass infected)

♫

FakeSMSInstaller_Geared_1.0.2 + Collection of Russian malware and links to malware resources

Name:                   FakeSMSInstaller_Geared_1.0.2
MD5:                    1EFA9D22D9142D73596B17228F37998A
Sample Credits:     many thanks to William Hill, CPU Media, November 11, 2011
Research:             AVG Mobilation Malware information: Android SMS Fake installer from 3^rd party Russian app stores

Name:                   Russian Malware Collection
MD5:                   See the list of files below
Research            Last month I uploaded a collection of the same as above and similar Russian mobile malware together with corresponding links to Russian alternative (often fake) Android markets where you can find more samples.  You can download it from here: RuMarketsMalwarefromMila.zip  See below for the list of malware included

Download FakeSMSInstaller_Geared_1.0.2- password infected
Download  RuMarketsMalwarefromMila.zip