
Tuesday, July 12, 2011

HTC.apk - fake security patch


Name: HTC fake patch
File Name: htc.apk
MD5: 4c8f01db58987c2c3321cdbbb1a2e67a
Sample Credits: many thanks to William Hill CPU Media | Kinetoo.com: Android mobile malware scan July 12, 2011
Research: CPU Media | Kinetoo.com: Android mobile malware scan July 12, 2011

HTC.apk is a fake security patch found circulating among Chinese users. It is a phishing attack disguised as a security patch from China Mobile. The infected site is 1OO86.net, written with the letter O in place of the zeros (note that 10086.net is a legitimate China Mobile site).

Download  (pass infected)



Htc.apk  4c8f01db58987c2c3321cdbbb1a2e67a
http://www.virustotal.com/file-scan/report.html?id=dcf44f7262682ec2274829e6a14dfde470ca60dc1fbb2b76ff1053230ae305c2-1310464271#
htc.apk
Submission date:2011-07-12 09:51:11 (UTC)
11/43 (25.6%)
Antiy-AVL    2.0.3.7    2011.07.12    Trojan/win32.agent
Commtouch    5.3.2.6    2011.07.12    AndroidOS/GenBl.CD34DD20!Olympus
DrWeb    5.0.2.03300    2011.07.12    Android.Evan.7
Emsisoft    5.1.0.8    2011.07.12    Trojan-SMS!IK
Ikarus    T3.1.1.104.0    2011.07.12    Trojan-SMS
Jiangmin    13.0.900    2011.07.11    Trojan/AndroidOS.b
K7AntiVirus    9.108.4894    2011.07.11    -
Kaspersky    9.0.0.837    2011.07.12    Trojan-SMS.AndroidOS.Adsms.c
Panda    10.0.3.5    2011.07.11    Android/AdSMS
Sophos    4.67.0    2011.07.12    Andr/AdSMS-A
TrendMicro    9.200.0.1012    2011.07.12    AndroidOS_ADSMS.A
TrendMicro-HouseCall    9.200.0.1012    2011.07.12    AndroidOS_ADSMS.A
MD5   : 4c8f01db58987c2c3321cdbbb1a2e67a

3 comments:

  1. It's not a new malware. See http://www.symantec.com/security_response/writeup.jsp?docid=2011-051313-4039-99
    According to my tracking, the author was constantly updating it. So some AV companies in VirusTotal can't detect it now.

  2. Thank you for the comment, I post all kinds of malware - new, old, so please don't hesitate to send.
    Mila

  3. As you point out, it's not brand new. But since we didn't see a sample of it in the Contagio malware dump we thought we would contribute ours.
