Wednesday, July 20, 2011

GGTracker - SMS Trojan


Name:                    GGTracker
File Name:             com.space.sexypic.apk
MD5:                     156fdce65eb6e4287aed687a1c9c2589
Sample Credits:    thanks to Tim Strazzere, Lookout Mobile Security, July 20, 2011

Name:                    GGTracker
File Name:             batterysaver.apk / t4t.power.management.apk
MD5:                     41080c6169d3e5843c0c0e4abef80e7e
Sample Credits:    thanks to Tim Strazzere, Lookout Mobile Security, July 20, 2011
Research:               GGTracker Technical Tear Down - by Tim Strazzere, Lookout Mobile Security
                               Security Alert: Android Trojan GGTracker Charges Premium Rate SMS Messages - Lookout Mobile Security


Download com.space.sexypic.apk (pass infected)
Download batterysaver.apk / t4t.power.management.apk (pass infected)



Wednesday, July 13, 2011

HippoSMS - SMS Trojan

Name:                    HippoSMS
File Name:             hippo.apk
MD5:                     f9bfec4403b573581c4d3807fb1bb3d2
Sample Credits:    thanks to anonymous, July 13, 2011
Research:              Security Alert: New Android Malware -- HippoSMS -- Found in Alternative Android Markets


Download  (pass infected)



Tuesday, July 12, 2011

HTC.apk - fake security patch


Name:                   HTC fake patch
File Name:             htc.apk
MD5:                    4c8f01db58987c2c3321cdbbb1a2e67a 
Sample Credits:    many thanks to William Hill CPU Media | Kinetoo.com: Android mobile malware scan July 12, 2011 
Research:              CPU Media | Kinetoo.com: Android mobile malware scan July 12, 2011
HTC.apk is a fake security patch found circulating among Chinese users. It is a phishing attack disguised as a security patch from China Mobile. The infected site is 1OO86.net (note that 10086.net is a legitimate China Mobile site).

Download  (pass infected)



Monday, July 11, 2011

New CONTAGIOminiDUMP

Please welcome the new section of Contagio - CONTAGIOminiDUMP.BLOGSPOT.COM
The old mobile malware Mini-dump (aka "Take a sample, leave a sample") grew too large and difficult to use. This section will allow better organization of all the mobile malware. There are not that many samples, but the collection is steadily growing.

This is a work in progress; please send or post your comments regarding the design, hosting, organization and such.

Many thanks to Tim Strazzere for catalyzing the upgrade :)

 ~ Mila

Friday, July 8, 2011

Take a sample, leave a sample. Mobile malware mini-dump - July 8 Update

THE ORIGINAL POST  (I am in the process of breaking it out and organizing like you see in the posts below)


Download

Download files from the mobile malware mini-dump (use infected for the password)

Current list (~50+ downloads = around 200 individual files as of June, 2011). Hyperlinks lead to Virustotal
Download from the dump link above or click on "download" link if present
  1. Zitmo Android Edition (Zeus for mobile) ecbbce17053d6eaf9bf9cb7c71d0af8d Download (thanks to anonymous, July 8, 2011) Read more: Zitmo hits Android, Axelle Apvrille - Fortinet
  2. GoldDream.A BloodvsZombie_com.gamelio.DrawSlasher_1_1.0.1.apk b87f2f3a927bf967736ed43ca2dbfb60 (many thanks for the sample to oren@avg-mobilation, July 6, 2011) Download Read more: Security Alert: New Android Malware -- GoldDream -- Found in Alternative App Markets, Xuxian Jiang
  3. GoldDream.B v1.0_com.GoldDream.pg_1_1.0.apk f66ee5b8625192d0c17c0736d208b0b (many thanks for the sample to oren@avg-mobilation, July 6, 2011) Download Read more: Security Alert: New Android Malware -- GoldDream -- Found in Alternative App Markets, Xuxian Jiang
  4. DroidKungFu2 -A _com.allen.txthej_1_1.0 F438ED38B59F772E03EB2CAB97FC7685 (many thanks for the sample to oren@avg-mobilation, July 3, 2011) Download Read more: Security Alert: New DroidKungFu Variants Found in Alternative Chinese Android Markets

Zitmo Android Edition (Zeus for mobile)

MD5:        ecbbce17053d6eaf9bf9cb7c71d0af8d
Credits:     thanks to anonymous, July 8, 2011
Research links:



Download  (pass infected)



Wednesday, July 6, 2011

GoldDream


Name:                GoldDream.A
File Name:         BloodvsZombie_com.gamelio.DrawSlasher_1_1.0.1.apk
MD5:                 b87f2f3a927bf967736ed43ca2dbfb60

Name:                GoldDream.B
File Name:         v1.0_com.GoldDream.pg_1_1.0.apk
MD5:                 f66ee5b8625192d0c17c0736d208b0b
Research:           Security Alert: New Android Malware -- GoldDream -- Found in Alternative App Markets, Xuxian Jiang
Sample Credits: many thanks for the sample to oren@avg-mobilation, July 6, 2011


Download GoldDream.A
Download GoldDream.B


Sunday, July 3, 2011

DroidKungFu2

Name:                   DroidKungFu2.A
File Name:            _com.tutusw.onekeyvpn_7_1.1.6.apk
MD5:                    F438ED38B59F772E03EB2CAB97FC7685

Name:                   DroidKungFu2.B
File Name:            _com.allen.txthej_1_1.0 F4.apk
MD5:                    54bc7a8fb184884a26e4cce74697d3a5
Sample Credits:    many thanks for the sample to oren@avg-mobilation, July 3, 2011
Research:              Security Alert: New DroidKungFu Variants Found in Alternative Chinese Android Markets

Download DroidKungFu2 -A (pass infected)
Download DroidKungFu2 -B (pass infected)


Saturday, July 2, 2011

Tap Snake - Spy app

Name:                    android.snake
File Name:             net.maxicom.android.snake
MD5:                     7937c1ab615de0e71632fe9d59a259cf
Sample Credits:    with many thanks to anonymous
Research:               Tap Snake Game in Android Market is Actually Spy App (UPDATE)


Download  (pass infected)