Wednesday, November 19, 2014

Android Appinventor Trojan Bankers

Research: Securelist Fabio Assolini  Brazilian Trojan Bankers – now on your Android Play Store!
Sample credit: Fabio Assolini

Size: 1802104
MD5:  A18AC7C62C5EFD161039DB29BFDAA8EF

File: appinventor.ai_funayamajogos.Caixa_1.3.2.apk
Size: 1410959
MD5:  00C79B15E024D1B32075E0114475F1E2

Download. Email me if you need the password.
SHA256: a4dfb883171e81888373ab89c4110a9287a7835c17dabf77cc6e30e93a415990
File name: vti-rescan
Detection ratio: 0 / 54
Analysis date: 2014-11-19 18:24:15 UTC

The file being studied is Android related! APK Android file more specifically. The application's main package name is appinventor.ai_funayamajogos.BancodoBrasil. The internal version number of the application is 5. The displayed version string of the application is 5.72. The minimum Android API level for the application to run (MinSDKVersion) is 3.
 Risk summary
 The studied DEX file makes use of API reflection
 Permissions that allow the application to access Internet
 Other permissions that could be considered as dangerous in certain scenarios
 Required permissions
android.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents)
android.permission.INTERNET (full Internet access)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
android.permission.ACCESS_NETWORK_STATE (view network status)
 Permission-related API calls
SHA256: 5689900016bfa4f790c5b2ca790f214b526f06a4a3087153a9650379dea532e9
File name: vti-rescan
Detection ratio: 3 / 55
Analysis date: 2014-11-19 18:13:48 UTC
Avira SPR/ANDR.Appinventor.1298 20141119
Kaspersky HEUR:Trojan-Banker.AndroidOS.Binv.a 20141119
TrendMicro-HouseCall Suspicious_GEN.F47V1115 20141119

No comments:

Post a Comment