
Wednesday, April 18, 2012

Fake Instagram - Fake App Toll Fraud - Android Malware


File: Fake Instagram
MD5: 69B9691A8274A17CDC22E9681B3E1C74
Sample Credits: with many thanks to Tim Strazzere, April 18, 2012
Research: The Continuing Saga of Fake App Toll Fraud - Lookout






Download  - password infected




Android.Qicsomos - Fake CarrierIQ detector-SMS Trojan


File: Android.Qicsomos.apk
MD5: 69B9691A8274A17CDC22E9681B3E1C74
Sample Credits: with many thanks to Anonymous, April 17, 2012
Research:
Symantec: The Day After the Year in Mobile Malware?
Symantec: Android.Qicsomos


Download  - password infected

Wednesday, April 11, 2012

Spyera (Android commercial App) - aka Tigerbot

Looks like Tigerbot is a commercial spy app developed by Spyera.



File: spyera.apk aka Tigerbot
MD5:  9D0B1B6BBC1568A8A0C7F186B8944905
Sample Credits: with many thanks to Tim Strazzere for the sample and information, Lookout Security, April 11, 2012
Research:   NQ: Security Alert: New Android Malware — TigerBot — Identified in Alternative Markets






Download  - password infected



Saturday, March 31, 2012

Android DKFBootKit (aka LeNa.b and LeNa.c, DroidKungFu variant) - new samples



File: com.rovio.new.ads-LeNa.c.apk
MD5:  3B524DD4A7BBD2DE633EBFCFF167FED2


Research: Security Alert: New Variants of Legacy Native (LeNa) Identified By Tim Wyatt
Sample Credits:   with many thanks to Tim Strazzere, April 3, 2012


File: com.atools.cuttherope-LeNa.b.apk
MD5:  7503128D14FA8FC6B9B64CE6E9CD90E3
SHA1: 64013d749086e90bdcfccb86146ad6e62b214cfa

Sample Credits:   with many thanks to Tim Strazzere, March 31, 2012

which is the same as LeNa featured below

Monday, March 26, 2012

Android.Stiniter / TGLoader (malware utilizing Root exploit)

File: android.dds.com-STiNiTER.apk
MD5: E9AA097C6E87690F938BE8C75EF91C27
Sample Credits: with many thanks to Tim Strazzere, March 27, 2012
Research:
Original Detection Symantec Android.Stiniter
Security Alert: New TGLoader Android Malware Utilizes the Exploid Root Exploit


Download  - password infected

Thursday, March 15, 2012

Android FakeToken


File: Android Faketoken
MD5: zip file with the components, not the original apk
Sample Credits: with many thanks to anonymous, March 15, 2012
Research: Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan by Carlos Castillo



Download  - password infected




Android Opfake aka FakeSMSInstaller


File: opfake
Sample Credits: with many thanks to anonymous, March 12, 2012
Research: Android.Opfake.B Adopts Bot Tactics


Download  - password infected 





Thursday, March 1, 2012

Android.Moghava: A Recipe for Mayhem


File: carddeemamaAndroid.apk or irfoods 1.1.apk
MD5: ec86f084ea0e0d0a33d5f39df19bd7be
Sample Credits: with many thanks to Sanjay and to anonymous, March 1, 2012
Research: Symantec Android.Moghava: A Recipe for Mayhem by Irfan Asrar


Download  - password infected 



Monday, February 27, 2012

Android FakeAngry - Chinese backdoor


File: fake angry.apk
MD5:  394dc498f9ee2e61fb1959bebe1da2b4
Sample Credits: with many thanks to Sanjay, February 27, 2012
Research: From China with Love: New Android Backdoor Spreading through Hacked Apps by Bogdan Botezatu



Download  - password infected 





Sunday, February 26, 2012

Android.Steek - back from the dead


File: appinventor.ai_joopdamen91.dont_thouch_lite.apk
MD5:  B9430D8CC42230938A353A4B3E4C92F3

File: appinventor.ai_rathiisarun.Ipad2App.apk
MD5:  92c76500a5126f11e392305424771fac

File: appinventor.ai_rathiisarun.XrayScanner.apk
MD5:  3e0ff9d85577e7aab8c3ab0771a87eb5

Sample Credits: with many thanks to Munaim Ramzan, February 24, 2012
Research: Appriva: Fraudulent Apps back from the dead by Haroon Malik

P.S. Some say this is not Android Steek

 Download all files - password infected



Saturday, February 11, 2012

Android Malware FakeTimer (via #OCJP)

ANALYSIS: #OCJP-010: 14243444.com bananaxxx.maido3.com(206.223.148.230)

hxxp://www.14243444.com/appli02.php
hxxp://14243444.com/appli02.php
hxxp://206.223.148.230/~pj629g01/appli02.php
hxxp://banana8310.maido3.com/~pj629g01/appli02.php
hxxp://banana3247.maido3.com/~pj629g01/appli02.php
 

File: sp_ntm.apk
Size: 80060
MD5:  44D31414A63A090E5A54670C33E0D1BC

Virustotal

File: sp_mtm.apk
Size: 79930
MD5:  C9C7AE465D712EB79976B34B0F76F1DB

Update Feb. 19.
File: sp_k_test.apk
Size: 80119
MD5:  079B92DF0DA0E57C3DFCD5B8D0D2C82C
Virustotal

Update Feb. 15. 
File: sp_k_test.apk
Size: 79973
MD5:  2B609E4ACFEBBEE57ECF6DDBFD8202D2
https://www.virustotal.com/file/8d9f6939db8f9b54e062403915174431008aa6c87a1803ff9faed072bb7620ee/analysis/

File: sp_btm.apk
Size: 79935
MD5:  CF9BA4996531D40402EFE268C7EFDA91


Virustotal 

Monday, February 6, 2012

Fake SuiConFo.apk - Foncy - Android Trojan SMS

Update: February 6, 2012
File: 56033daef6a020d8e64729acb103f818
Name: FoncySMS
MD5:  56033DAEF6A020D8E64729ACB103F818
Sample Credit:  S.Guerrero February 5, 2012
Research: The Butterfly Effect of a Boundary Check by Sergei Shevchenko



Download - Password infected


Download extracted files

  • /data/data/com.android.bot/files/header01.png (ELF executable).
  • /data/data/com.android.bot/files/footer01.png (ELF executable).
  • /data/data/com.android.bot/files/border01.png (Android app - an APK File).





==========================================================================
Name:                    SuiConFo.apk
MD5:                     1a3fb120e5a4bd51cb999a43e2d06d88
Sample Credits:     many thanks to Ian French, December 8, 2011
Research:           Kaspersky: SMS Trojans: all around the world



Download  - password infected



Friday, February 3, 2012

Android Rootsmart malware utilizing Gingerbreak Root exploit


File: com.google.android.smart.apk
MD5: F70664BB0D45665E79BA9113C5E4D0F4
Sample Credits: with many thanks to Sanjay and anonymous, February 3, 2012
Research: Security Alert: New RootSmart Android Malware Utilizes the GingerBreak Root Exploit


Download  - password infected 





Thursday, February 2, 2012

Android VoiceChanger - Israel Premium dialer


File: com.VoiceChange.VoiceChangeIL-1.4.apk
MD5: 5e50470e09f83036a91d0a5e528cb01a
Sample Credits: with many thanks to Sanjay, February 2, 2012
Research: Voice changer or voice charger? by Elad Shapira - AVG



Download  - password infected 





Friday, January 27, 2012

Android Counterclank


Name: Counterclank
MD5: 3d8e1108999dc35c5b5202985547a25f
Sample Credits: with many thanks to Sanjay, January 27, 2012
Research:
Appriva: Google Android Market is infected from new Plankton (Apperhand) variant
Symantec.Android.Counterclank

Additional samples - thanks to Tim "timv"

File: com.christmasgame.balloon.apk
MD5:  c9a2e226cd001a3a4fab1046a10ae50d

File: com.christmasgame.deal.apk
MD5:  937c84956f6b23c98649fb658138ef93

File: com.christmasgame.wildjump.apk
MD5:  bbb02e438d7eaea9e9c4dd013899410c

File: com.redmicapps.puzzles.ladies2.apk
MD5:  95bcbe87750cc5dc2c2d2b02505effee

File: com.redmicapps.puzzles.ladies3.apk
MD5:  3d8e1108999dc35c5b5202985547a25f



Download  - password infected 

Download additional samples - password infected

Tuesday, January 10, 2012

Android Steek - Fraudulent apps



Name:                   Steek
MD5:      
C4532D66DF9399D603D48716A3F05BF8   appinventor.ai_T10D78.BattlefieldBadCompany2-1-1.1.apk
0DE5C01C9E66BE313970CC3AF017F188    appinventor.ai_T10D78.BloonsTD4-1-1.2.apk
98EB1F31945F4CD97088CF9FBC49D03B    appinventor.ai_T10D78.CallOfDutyZombies-1-1.3.apk
D62B2137083CF1D626C096A3A51815FD    appinventor.ai_T10D78.FIFA12-1-1.4.apk
A879EF0F3DAA3B66EAF9A713559170BA    appinventor.ai_T10D78.GangstarRioCityofSaints-1-1.5.apk
BCB3026536783BC774A05D93BC2F6039   appinventor.ai_T10D78.GangstarWestCoastHustle-1-1.6.apk
5361E076F1744C43DD65CDA00BB89CC5   appinventor.ai_T10D78.GlobalWarRiot-1-1.7.apk
C69D0D8B86BF3946CCBC011767B06919   appinventor.ai_T10D78.JetpackJoyride-1-1.1.apk
6606E8ADAD40E3C5B0B8C347A38EB86B    appinventor.ai_T10D78.MaddenNFL12-1-1.2.apk
2FE8FBF43C1025327E78DA83D0C31BF2   appinventor.ai_T10D78.NinJumpDeluxe-1-1.3.apk
A14790B98C0352D81E1B70DB8A046AEC   appinventor.ai_T10D78.RopenFly-1-1.4.apk
1407CD7C568576115204697FDBBDFA43   appinventor.ai_T10D78.TouchGrind-1-1.5.apk
 FF28B758F18030C14402E100DBB6987E    appinventor.ai_T10D78.WorldOfGoo-1-1.6.apk
1A4ED1CA65321659B139F9CBA9C9CAB4   appinventor.ai_T10D78.ZombieHighway-1-1.7.apk
           

Sample Credits:   with many thanks to anonymous January 12, 2012
Research:           
More fraudware headaches for the Android Marketplace 



Download  - password infected 



Friday, January 6, 2012

Large collection of Symbian malware (457 items)

Name: Symbian malware (not new but useful for research)
Sample Credits: with special thanks to Oscar Marques, mobilemalware.com.br, January 6, 2012

List of files below


Download  - password infected 



Scavir -- Russian Android SMS / Fraud trojan


Name: Scavir
MD5: d20cb0bb5d87bfc8394bda0d8964d663
Sample Credits: with many thanks to Droopy, January 6, 2012
Research: Kaspersky Android malware: new traps for users by Denis


Download  - password infected 



Nickispy.B - Android Spyware

Classics:
Name: Nickispy.B
MD5: 83A98EABF044826622DB7C211764CDF4
Sample Credits: with many thanks to Droopy, January 6, 2012
Research: Virus Profile: Android/NickiSpy.A 8/4/2011




Download  - password infected