Name: HTC fake patch
File Name: htc.apk
MD5: 4c8f01db58987c2c3321cdbbb1a2e67a
Sample Credits: many thanks to William Hill CPU Media | Kinetoo.com: Android mobile malware scan July 12, 2011
Research: CPU Media | Kinetoo.com: Android mobile malware scan July 12, 2011
HTC.apk is a fake security patch found circulating among Chinese users. It's a phishing attack disguised to appear as a security patch from China Mobile. The infected site is 1OO86.net (note that 10086.net is a legitimate China Mobile site).
Download (pass infected)
Htc.apk 4c8f01db58987c2c3321cdbbb1a2e67a
http://www.virustotal.com/file-scan/report.html?id=dcf44f7262682ec2274829e6a14dfde470ca60dc1fbb2b76ff1053230ae305c2-1310464271#
htc.apk
Submission date: 2011-07-12 09:51:11 (UTC)
11/43 (25.6%)
Antiy-AVL 2.0.3.7 2011.07.12 Trojan/win32.agent
Commtouch 5.3.2.6 2011.07.12 AndroidOS/GenBl.CD34DD20!Olympus
DrWeb 5.0.2.03300 2011.07.12 Android.Evan.7
Emsisoft 5.1.0.8 2011.07.12 Trojan-SMS!IK
Ikarus T3.1.1.104.0 2011.07.12 Trojan-SMS
Jiangmin 13.0.900 2011.07.11 Trojan/AndroidOS.b
K7AntiVirus 9.108.4894 2011.07.11 -
Kaspersky 9.0.0.837 2011.07.12 Trojan-SMS.AndroidOS.Adsms.c
Panda 10.0.3.5 2011.07.11 Android/AdSMS
Sophos 4.67.0 2011.07.12 Andr/AdSMS-A
TrendMicro 9.200.0.1012 2011.07.12 AndroidOS_ADSMS.A
TrendMicro-HouseCall 9.200.0.1012 2011.07.12 AndroidOS_ADSMS.A
MD5 : 4c8f01db58987c2c3321cdbbb1a2e67a
It's not a new malware. See http://www.symantec.com/security_response/writeup.jsp?docid=2011-051313-4039-99
According to my tracking, the author was constantly updating it. So, some AV companies in VirusTotal can't detect it now.
Thank you for the comment, I post all kinds of malware - new, old, so please don't hesitate to send.
Mila
As you point out, it's not brand new. But since we didn't see a sample of it in the Contagio malware dump we thought we would contribute ours.