
Friday, January 6, 2012

Scavir -- Russian Android SMS / Fraud trojan


Name: Scavir
MD5: d20cb0bb5d87bfc8394bda0d8964d663
Sample Credits: with many thanks to Droopy, January 6, 2012
Research: Kaspersky Android malware: new traps for users by Denis


Download  - password infected 



01.apk
http://www.virustotal.com/file-scan/report.html?id=600515679c6eedfaee28280a7d140de2f8d302e14a613b5ac0e26533ab62d7ad-1325815606
2012-01-06 02:06:46 (UTC)
Result: 10/43 (23.3%)
Antivirus     Version     Last Update     Result
Antiy-AVL     2.0.3.7     2012.01.05     Trojan/AndroidOS.Scavir
Avast     6.0.1289.0     2012.01.05     Android:RuFraud-B [Trj]
Emsisoft     5.1.0.11     2012.01.06     Trojan-SMS.AndroidOS.Scavir!IK
F-Secure     9.0.16440.0     2012.01.05     Trojan:Android/RuFailedSMS.A!mfb
GData     22     2012.01.06     Android:RuFraud-B
Ikarus     T3.1.1.109.0     2012.01.06     Trojan-SMS.AndroidOS.Scavir
Kaspersky     9.0.0.837     2012.01.05     HEUR:Trojan-SMS.AndroidOS.Scavir.a
Microsoft     1.7903     2012.01.05     Trojan:AndroidOS/BoxerSms.A
NOD32     6771     2012.01.06     Android/TrojanSMS.Boxer.AE

2 comments:

  1. Kaspersky, F-Secure and the rest of the bunch really ought to start using my dexid tool for exact identification. :-)

    This thing is just one variant (the .X variant, to be precise - the latest one) of a family originally reported as FakeSMSInstaller.

  2. Indeed. There are many of the same kind, only names differ.
