Clicky

Friday, January 27, 2012

Android Counterclank


Name:                   Counterclank
MD5:                    3d8e1108999dc35c5b5202985547a25f
Sample Credits:   with many thanks to Sanjay, January 27, 2012
Research:           
Appriva: Google Android Market is infected from new Plankton (Apperhand) variant
Symantec.Android.Counterclank

Additional samples - thanks to Tim "timv"

File: com.christmasgame.balloon.apk
MD5:  c9a2e226cd001a3a4fab1046a10ae50d

File: com.christmasgame.deal.apk
MD5:  937c84956f6b23c98649fb658138ef93

File: com.christmasgame.wildjump.apk
MD5:  bbb02e438d7eaea9e9c4dd013899410c

File: com.redmicapps.puzzles.ladies2.apk
MD5:  95bcbe87750cc5dc2c2d2b02505effee

File: com.redmicapps.puzzles.ladies3.apk
MD5:  3d8e1108999dc35c5b5202985547a25f



Download  - password infected 

Download additional samples - password infected

Read more »
4 comments Labels:

Tuesday, January 10, 2012

Android Steek - Fraudulent apps



Name:                   Steek
MD5:      
C4532D66DF9399D603D48716A3F05BF8   appinventor.ai_T10D78.BattlefieldBadCompany2-1-1.1.apk
0DE5C01C9E66BE313970CC3AF017F188    appinventor.ai_T10D78.BloonsTD4-1-1.2.apk
98EB1F31945F4CD97088CF9FBC49D03B    appinventor.ai_T10D78.CallOfDutyZombies-1-1.3.apk
D62B2137083CF1D626C096A3A51815FD    appinventor.ai_T10D78.FIFA12-1-1.4.apk
A879EF0F3DAA3B66EAF9A713559170BA    appinventor.ai_T10D78.GangstarRioCityofSaints-1-1.5.apk
BCB3026536783BC774A05D93BC2F6039   appinventor.ai_T10D78.GangstarWestCoastHustle-1-1.6.apk
5361E076F1744C43DD65CDA00BB89CC5   appinventor.ai_T10D78.GlobalWarRiot-1-1.7.apk
C69D0D8B86BF3946CCBC011767B06919   appinventor.ai_T10D78.JetpackJoyride-1-1.1.apk
6606E8ADAD40E3C5B0B8C347A38EB86B    appinventor.ai_T10D78.MaddenNFL12-1-1.2.apk
2FE8FBF43C1025327E78DA83D0C31BF2   appinventor.ai_T10D78.NinJumpDeluxe-1-1.3.apk
A14790B98C0352D81E1B70DB8A046AEC   appinventor.ai_T10D78.RopenFly-1-1.4.apk
1407CD7C568576115204697FDBBDFA43   appinventor.ai_T10D78.TouchGrind-1-1.5.apk
 FF28B758F18030C14402E100DBB6987E    appinventor.ai_T10D78.WorldOfGoo-1-1.6.apk
1A4ED1CA65321659B139F9CBA9C9CAB4   appinventor.ai_T10D78.ZombieHighway-1-1.7.apk
           
Sample Credits:   with many thanks to anonymous January 12, 2012
Research:            More fraudware headaches for the Android Marketplace 



Download  - password infected 



Read more »
0 comments Labels: ,

Friday, January 6, 2012

Large collection of Symbian malware (457 items)

Name:                   Symbian malware (not new but useful for research)
 
Sample Credits:   with special thanks to Oscar Marques mobilemalware.com.br , January 6, 2012
 
 List of files below   


Download  - password infected 



Read more »
1 comments Labels:

Scavir -- Russian Android SMS / Fraud trojan


Name:                   Scavir
MD5:                    d20cb0bb5d87bfc8394bda0d8964d663
Sample Credits:   with many thanks to Droopy, January 6, 2012
Research:             Kaspersky Android malware: new traps for users by Denis


Download  - password infected 



Read more »
2 comments Labels: , ,

Nickispy.B - Android Spyware

Classics:
Name:                   Nickispy.B
MD5:                    83A98EABF044826622DB7C211764CDF4
Sample Credits:   with many thanks to Droopy, January 6, 2012
Research:            Virus Profile: Android/NickiSpy.A 8/4/2011




Download  - password infected


Read more »
3 comments Labels: ,

Saturday, December 24, 2011

Arspam AlSalah - Android malware (Middle East Hactivism - spammer)


Name:                    Arspam AlSalah.apk
MD5:                     E7584031896CB9485D487C355BA5E545
Sample Credits:    with many thanks to Sanjay Gupta and his friends for sharing, December 24, 2011
Research:           Symantec: Android.Arspam
Hactivism goes mobile with Android.Arspam by Stilgherrian



Download  - password infected






Read more »
0 comments Labels: ,

Russian Android malware - fake installer


Name:                    com.android.installer.full
MD5:                     F056EE7F8D4931C905157EBD2CC4A795
Sample Credits:     many thanks to Shane Hartman, December 22, 2011

  Download  - password infected



Read more »
0 comments Labels:

Tuesday, December 20, 2011

CarrerIQ


Name:   CarrierIQ
Sample credit with many thanks to S.Guerrero, Ryan Johnson, Jojo Edmonds and other kind folks from mobile malware google group for sharing
Information: Carrier IQ: What it is, what it isn't, and what you need to know By Zachary Lutz


List of files - see below


Download all samples  (pass infected)






Read more »
0 comments Labels:

Friday, November 11, 2011

FakeSMSInstaller_Geared_1.0.2 + Collection of Russian malware and links to malware resources


Name:                   FakeSMSInstaller_Geared_1.0.2
MD5:                    1EFA9D22D9142D73596B17228F37998A
Sample Credits:     many thanks to William Hill, CPU Media, November 11, 2011
Research:             AVG Mobilation Malware information: Android SMS Fake installer from 3rd party Russian app stores

Name:                   Russian Malware Collection
MD5:                   See the list of files below
Research            Last month I uploaded a collection of the same as above and similar Russian mobile malware together with corresponding links to Russian alternative (often fake) Android markets where you can find more samples.  You can download it from here: RuMarketsMalwarefromMila.zip  See below for the list of malware included



Download FakeSMSInstaller_Geared_1.0.2- password infected
Download  RuMarketsMalwarefromMila.zip


Read more »
0 comments Labels: ,

Sunday, October 23, 2011

RogueSPPush - SMS-Trojan


Name:                 RogueSPPush
File Name:          1314935990854.apk
 MD5:                  56CD8AC9ADFC0E38496939385AA510FA
Research:           New Rogue Android App -- RogueSPPush -- Found in Alternative Android Markets By Xuxian Jiang -Aug 2011
Sample Credits:    with  many thanks to MasterMRZ , October  23, 2011







Read more »
0 comments Labels:

Legacy Native (LeNa) - DroidKungFu variant


Name:                   Legacy Native (LeNa)
MD5:                     com.safesys.myvpn.apk 1F5628300EF2A477E39E226FEE73CE51
MD5:                     com.safesys.onekeyvpn.apk EC056818D38D18CB940A64BF89714DF2
Sample Credits:     many thanks to Armando, October 21, 2011
Research:               Lookout Security Alert: Legacy Makes Another Appearance, Meet Legacy Native (LeNa)   By Tim Strazzere



Download both samples - password infected

Read more »
0 comments Labels: , ,

Saturday, October 22, 2011

Collection of 96 mobile malware samples for Kmin, Basebridge, Geinimi, Root exploits, and PJApps


All files are sorted by types in folders and named by MD5. The list of files is below. I posted examples of what you will find in the previous 20 posts.  Enjoy

Download Android-Malware_SortedTYPE-MD5.zip (password infected)
 
MALWARE TYPE (number of samples)
BASEBRIDGE (3)
YZHC (2)
ROOT EXPLOIT (7)
PJAPPS (16)
GEINIMI (28)
KMIN (40)


Sample credit: Thank to anonymous, Oct. 22, 2011

Read more »
3 comments Labels: , , , , ,

Root Exploit - Z4Mod Root


Name:               Z4mod
MD5:                 30587d7e5ac828f8b1eaf476d4b19bd2
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: , ,

Geinimi - OPDA CacheMate v2.5.9


Name:                Geinimi  - OPDA CacheMate v2.5.9
MD5:                 8b12ccdc8a69cf2d6a7e6c00f698aaa6
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,

Root Exploit - Universal Androot


File Name:            corner23.android.universal androot.apk

MD5:                    4e26a200ab149819dcdcf273f5ab171a
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

Read more »
0 comments Labels: ,

Geinimi - Android SPL meter


File Name:              com.splGUI.splMeter.apk

MD5:                      08e4a73f0f352c3accc03ea9d4e9467f
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,

Geinimi - com.feasy.jewels.Gel


File name:          com.feasy.jewels.Bears

MD5:                543e9d86dd28005342a3313bdc588009
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011

Read more »
0 comments Labels: , ,

Geinimi - Banking Trojan www.ipay.com.cn


MD5:                    3374d6322542d6aec9d319df335215e5
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: , ,

Geinimi - Armored Strike


Name:                Armored Strike
File Name:         com.requiem.armoredStrike.apk
 MD5:                 5d27c7d0c5630f4c7a8b7a8f45512f09
Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)

or Download an archive with all the files donated on Oct. 21. 2011



Read more »
0 comments Labels: , ,

Geinimi - MetroXing Chinese metro maps

 
Name:              com.etagmedia.metro.apk   Beijing, Guangzhou, Shanghai, Shenzhen  - metro maps
MD5:              54fad8426e03a05279223173ec7d2fe2
 Sample Credits:     many thanks to a very generous anonymous donation, October  21, 2011
 
Download  (password infected)


or Download an archive with all the files donated on Oct. 21. 2011


Read more »
0 comments Labels: , ,
Subscribe to: Posts (Atom)