Monday, September 15, 2014

iOS AppBuyer malware - infostealer


Research:
Wei Feng Technology Group: on the source of malicious hackers discovered a rogue plug-track hacking (CN)
Palo Alto - AppBuyer: New iOS Malware Steals Apple ID and Password to Buy Apps


Sample credit: Claud Xiao

File: com.archive.plist
MD5:  6EEE2BA0C18C69A71E3F879C2A46BDAA

File: updatesrv
MD5:  1C32F9F05234CAC7DD7A83E3925A3105

File: u2_88
MD5:  B4DAFC195DB19C661C25C54AEA39982B

File: u1_88
MD5:  68424FF30F6FD1DEBD3CFF1997FAB17E

File: u1
MD5:  69147A1AD05D64202B2D7BB0EA1BAB46

File: u2_80
MD5:  5F4741EBAFFD9C53473D79A1252F82CB

File: u1_80
MD5:  B88451E74C1091B9022F7199704959B0


Download. Email me if you need the password.





Sunday, August 3, 2014

Android XXshenqi SMS sender


Research:
Analysis Report: Baidu  http://safe.baidu.com/2014-08/xxshenqi.html
News: http://finance.chinanews.com/it/2014/08-03/6452953.shtml
Sample Credit - Thomas Wang


File: com.android.Trogoogle.apk
Size: 1563595
MD5:  EF819779FC4BEE6117C124FB752ABF57

File: XXshenqi.apk
Size: 2588891
MD5:  9C06E0963A3F3383CD810F5041364BFA

Download. Email me if you need the password





Wednesday, July 23, 2014

Android ScarePackage Ransomware


Research: Lookout. U.S. targeted by coercive mobile ransomware impersonating the FBI
Sample Credit: Tim Strazzere

File: com.android.locker.apk
Size: 488296
MD5:  645A60E6F4393E4B7E2AE16758DD3A11


Download. Email me if you need the password





Monday, June 23, 2014

(Another) Android Trojan Scheme Using Google Cloud Messaging - SMS Spyware



Sample credit: Federico Maggi

File: test98.apk
Size: 1051288
MD5:  D65C5EF9739ABAE77F5B13B8B562B18A

File: test99.apk
Size: 1051283
MD5:  D968FF20B7A25A79E922511101B7F7CC

File: test97.apk
Size: 1051286
MD5:  5A7C8EB61061F86FDCDBF9118711CC53





Wednesday, June 4, 2014

Simplocker - Android File-Encrypting, TOR-enabled Ransomware


File: fd694cf5ca1dd4967ad6e8c67241114c.bin
Size: 4917678
MD5:  FD694CF5CA1DD4967AD6E8C67241114C

Research: ESET Analyzes First Android File-Encrypting, TOR-enabled Ransomware
Sample credit: Sanjay Gupta


Download. Email me if you need the password




Tuesday, May 6, 2014

Android SMS trojan - Google fake installer (downloader from Dropbox URL)


憑證.apk
67235B16BC2FAB6836847EA51703E298


Download. Email me if you need the password


iOS iPhone Stealer.A - malware acting as a Substrate module

Android fake AV - Se-cure MobieAV

Android Samsapo.A


Research: ESET: Android malware worm catches unwary users
Sample credit: Steven Chen

Size: 473650
MD5:  60B4EF7037CA6A4D1EE7E3C35C8E27D7
Size: 473875
MD5:  C1F9283B7AD8457160D3C189430F2C75

Download. Email me if you need the password






Android locker from the Reveton team

MD5 fb14553de1f41e3fcdc8f68fd9eed831
hone_Police_Ransom.apk

Sample credit -  Kafeine

Download : http://malware.dontneedcoffee.com/2014/05/police-locker-available-for-your.html?m=1



Android Fake banker

MD5
7276e76298c50d2ee78271cf5114a176
a15b704743f53d3edb9cdd1182ca78d1
aac4d15741abe0ee9b4afe78be090599

Sample credit - anonymous (thank you)



Download. Email me if you need the password




Android SMS trojan Flash fake installer

File: imauyfxuhxd.qhlsrdb-1(20140414)(2).apk
Size: 141987
MD5:  7D25D4CDBF3CFC8B6E9466729B84D348

Sample credit - anonymous




Download. Email me if you need the password



Wednesday, April 2, 2014

Oldboot.B - Android bootkit



Research:
Chinese version: Oldboot.B:与Bootkit技术结合的木马隐藏手段的运用
English version: Oldboot.B: Bootkit technology combined with the use of a means to hide Trojans
Author: iRiqium, Zhaorun Ze, Jiang Xuxian

Sample credit: Qing Dong

phone1
sbin/adb_server  a4c89abc46bbb34c6dd2c23caad99d61
sbin/meta_chk 6976d12388939d6cb93e28236212c8c7
init.rc 51b52552baf91d00e8f34ec052339f13

phone2
sbin/meta_chk cea6dd8a13cbce59097ad87fafb91fcd
init.rc f8f8e0b089bedbd58bea8a262229a234

phone3
sbin/agentsysline e5d27b3e64ed5e2ae6d6c063e3ddf08a
sbin/boot_tst 04c6dfa8457f1dd88258d427be089e00
init.rc eec3292341177d9e39530d0ab481ead0


Download. Email me if you need the password

Image by 360.cn

Wednesday, March 26, 2014

Android CoinKrypt - bitcoin miner malware


Research: Lookout. CoinKrypt: How criminals use your phone to mine digital currency
https://github.com/strazzere/android-scripts/blob/master/Decoders/MuchSad/dogekrypt.java
Sample credit: Tim Strazzere


File: com.melodis.midomiMusicIdentifier.apk
Size: 8248809
MD5:  61253FAAC66F34BCF35B80FE767F136E

File: com.ventel.android.radardroid2.apk
Size: 6026091
MD5:  738A0109AB5C37F9EFA7729EACDBE314

File: mikado.bizcalpro.apk
Size: 3330167
MD5:  BCCC62AE0129D484F0407FEDD701D211

Download. Email me if you need the password

Tuesday, March 25, 2014

iOS adware using Cydia


Research: 
New iOS malware use Cydia Substrate to steal advertisement promotion fee by Claud Xiao
or in Chinese http://bbs.pediy.com/showthread.php?p=1270415

1)
File: spad.plist
Size: 302
MD5:  D90A9E9DD3C95E9C12CAFE48F5362781

File: spad.dylib
Size: 166976
MD5:  8099C75F8F3A7BE16A8246FD5B90185A

2) 
Additional binaries downloaded by the adware to the victim's device

File: libgad.dylib
Size: 1070048
MD5:  CE0A6550E51F3C1B1F49C39A297077E0

File: sad
Size: 31952
MD5:  E890CF2B1F9ADC4364B9A38FFFA14ABC


Download. Email me if you need the password
Download additional binaries

Thursday, March 6, 2014

Dendroid - Android spyware

Research: Lookout - Dendroid malware can take over your camera, record audio, and sneak into Google Play

Sample credit: Tim Strazzere

File: com.parental.control.v4.apk
Size: 942846
MD5:  DB01F96D5E66D82F7EB61B85EB96EF6E

File: com.parental.control.v4-dexguarded.apk
Size: 833648
MD5:  52A30B58257D338617A39643E2216D0C

Download: Email me if you need the password




Friday, February 28, 2014

Android iBanking

Research: iBanking Mobile Bot Source Code Leaked

apk files
1F68ADDF38F63FE821B237BC7BAABB3D Chase.apk
009E60205B8FBC780A2DD3083CDD61CB
D1059B52B6127B758581EB86247BC34F
E1B86054468D6AC1274188C0C579CCAF_
F1BC8520754D2AC4A920B3EF5C732380 bot.apk_
F06AF629D33F17938849F822930AE428 ING.apk_


Download. Email me if you need the password





Droidpak - Android targeting Windows malware

Research: Kaspersky -


df4045aa9cb62699bd2ae12f860f2ed1.exe_
577a8c571e2dd610247ecfa0fb3c6cb3_install.exe_
04e8ff68ead683e52b53e174d08eddf4_Voip.dll_