Friday, September 30, 2011

Jimm ICQ SMS-Trojan pushed by malicious QR codes


The Russian internet landscape is fertile ground not only for Windows malware but also for mobile malware.
There are plenty of SMS trojan variants lurking on sites offering their 'versions' of popular software. A quick search for phone freeware turned up a bunch of Java and APK SMS senders and questionable apps.
Here is one example: http://www.virustotal.com/file-scan/report.html?id=c8263e24046f2902e9c8639a89c2f3da5bbdba4055028b5cc9291143994726e5-1317426885
I will post all the harvested SMS senders in one post after this.


Name: Jimm ICQ for Android and other phones (jar)

File: jimm.apk
MD5:  37A46AEC9AA86831FAA3DDB6B05A05F8
File: jimm2s.jar
MD5:  B409DB1963DE4287FEB542377B0FE3A1

Sample Credits: many thanks to anonymous, Sept 30, 2011
Research: Malicious QR Codes Pushing Android Malware by Denis - Kaspersky Lab



Download  (pass infected)





File name: 9440bb3da5e1ad862f357248b5da0c59dc7fc96b
Submission date: 2011-09-29 02:40:31 (UTC)
Result: 11/43 (25.6%)
http://www.virustotal.com/file-scan/report.html?id=16071d0a064cdca39672dcea0055aaa29750d4c5ba068b5d7b6df8922c5cfc93-1317264031

Antiy-AVL     2.0.3.7     2011.09.29     Trojan/AndroidOS.Jifake
BitDefender     7.2     2011.09.29     Android.Trojan.Jifake1.B
DrWeb     5.0.2.03300     2011.09.29     Android.SmsSend.26
Emsisoft     5.1.0.11     2011.09.29     Trojan-SMS!IK
F-Secure     9.0.16440.0     2011.09.29     Android.Trojan.Jifake1.B
GData     22     2011.09.29     Android.Trojan.Jifake1.B
Ikarus     T3.1.1.107.0     2011.09.29     Trojan-SMS
Kaspersky     9.0.0.837     2011.09.28     Trojan-SMS.AndroidOS.Jifake.f
Panda     10.0.3.5     2011.09.28     Trj/Jifake.A
TrendMicro-HouseCall     9.500.0.1008     2011.09.29     AndroidOS_JIFAKE.E
VBA32     3.12.16.4     2011.09.28     Trojan-SMS.AndroidOS.Jifake.f
MD5   : 37a46aec9aa86831faa3ddb6b05a05f8
SHA1  : 9440bb3da5e1ad862f357248b5da0c59dc7fc96


File name: 0c20f26507a464ce7a0a4bee24f2c4e810eae358.bin
Submission date: 2011-09-10 07:17:55 (UTC)
Result: 11/44 (25.0%)
http://www.virustotal.com/file-scan/report.html?id=02e9d1f501bf16cc350fde00ee8a785a4cc0e7b82787a359b57c7e8158e1941d-1315639075
Antiy-AVL     2.0.3.7     2011.09.10     Trojan/J2ME.Jifake
Avast     4.8.1351.0     2011.09.09     Other:Malware-gen
Avast5     5.0.677.0     2011.09.09     Other:Malware-gen
AVG     10.0.0.1190     2011.09.09     Java/SMS.AG
Comodo     10058     2011.09.10     UnclassifiedMalware
DrWeb     5.0.2.03300     2011.09.10     Java.SMSSend.221
Emsisoft     5.1.0.11     2011.09.10     Trojan-SMS!IK
F-Secure     9.0.16440.0     2011.09.10     Riskware:Java/SmsSend.Gen!A
Kaspersky     9.0.0.837     2011.09.10     Trojan-SMS.J2ME.Jifake.e
VBA32     3.12.16.4     2011.09.09     Trojan-SMS.J2ME.Jifake.e
MD5   : b409db1963de4287feb542377b0fe3a1

