Friday, September 30, 2011

Jimm ICQ SMS-Trojan pushed by malicious QR codes


The Russian internet landscape is fertile not only for Windows malware but also for mobile.
There are plenty of SMS trojan variants lurking on sites offering their 'versions' of popular software. A quick search for phone freeware brought up a bunch of Java and APK SMS senders and questionable apps.
Here is one, for example: http://www.virustotal.com/file-scan/report.html?id=c8263e24046f2902e9c8639a89c2f3da5bbdba4055028b5cc9291143994726e5-1317426885
I will post all the harvested SMS senders in one post after this.


Name:                    Jimm ICQ for Android and other phones (jar)
File Name:
File: jimm.apk
MD5:  37A46AEC9AA86831FAA3DDB6B05A05F8
File: jimm2s.jar
MD5:  B409DB1963DE4287FEB542377B0FE3A1

Sample Credits:     many thanks to anonymous, Sept 30, 2011
Research:             
Malicious QR Codes Pushing Android Malware by Denis - Kaspersky Lab



Download  (pass infected)





Ikee iPhone worm


Adding IkeeD to the IkeeB sample we already had. See both below.


Name:                   Ikee
File Name:            

Duh - iKeeB
poc-bbot - IkeeD
 
MD5:                    

2a73926229457a3ec9611ec53a2e2249 - IKeeB
24663299e69db8bfce2094c15dfd2325 - IkeeD
Sample Credits:     many thanks to Alberto Ortega, Sept 30, 2011
Research:              

An Analysis of the iKee.B (Duh) iPhone Botnet by Phillip Porras, Hassen Saidi, and Vinod Yegneswaran - SRI
Microsoft June 2010 Backdoor:iPhoneOS/Ikee.D

Download iKeeB and iKeeD (pass infected)



Thursday, September 29, 2011

Gone in 60 seconds - Android spyware


Name:                    Gone in 60 seconds
File Name:             

com.gone60-1.apk
com.gone602-1.apk
com.gone603-1.apk
com.gone604-1.apk
com.gone605-1.apk
MD5:                     

859CC9082B8475FE6102CD03D1DF10E5
8D4018A73A35E079ABA1D0FD8A06E522
CB236442CF93A47BC15E3F312F097992
F259DEAAB9A14ECD4AA4107BE9BDA6FD
B99BA24A35C7A49E65D41FFC6B1282BE
Sample Credits:     many thanks to Jason Ross, Sept.29, 2011
Research:            

All data stored on your smartphone ….. gone in 60 seconds by Vlad Constantin ILIE, BitDefender Malware Researcher




Download  (pass infected)




Thursday, September 22, 2011

DroidDreamLight - new variant found in a China-based third-party app


Name:                    DroidDreamLight
File Name:            
com.button.phone_91595200_0.apk
MD5:                    
3D9472D792019E40605ABFA9CB22FBA5
Sample Credits:   many thanks to anonymous, Sept 22, 2011
Research:            
Sep 16: Massive Code Change for New DroidDreamLight Variant - Trend Micro
found in this Android store



Download (pass infected)





Wednesday, September 14, 2011

Spyeye for Android


Name:                    Spyeye for Android
File Name:             spitmo_cfa9edb8c9648ae2757a85e6066f6515_simseg.apk
MD5:                      cfa9edb8c9648ae2757a85e6066f6515
Sample Credits:     many thanks to evilcry, September 14, 2011
Research:
First SpyEye Attack on Android Mobile


Download  (pass infected)





Saturday, September 3, 2011

See you soon


I will be away until Sept 17. If you would like to share a mobile
malware sample, please email it to me or, if you can, use the upload box
(this way it becomes accessible to others via this link).



DroidDeluxe - root exploit


Name:                    DroidDeluxe - root exploit
File Name:             DroidDeluxe.rar (apk components inside)
MD5:                     
bbb6f9a1aad8cc8c38d4441bac4852c0
Sample Credits:     Roberto Rogunix rogunix.com
Research:             
Security Alert: New Root-Capable DroidDeluxe Malware Found in Alternative Android Markets
Attribution note: Many German file names  :)


Download  (pass infected)