
Thursday, June 21, 2012

Friday, May 18, 2012

See you in two weeks


Angus McIntyre
Greetings,
I will be traveling and will not have time for posts until June. If you sent any files to me recently and I did not post / did not reply, please accept my sincere apologies; it has been a busy period.

Please continue to share and upload files to Contagio Community and Contagio Mobile dump, where they will be available immediately to others via the main download link posted there.
I hope you all have a great end of spring and glorious summer.
Thank you
Mila

Tuesday, May 1, 2012

Android Gamex Trojan


File: de.mehrmannd.sdbooster-GAMEX.apk
Size: 256139
MD5:  50836808A5FE7FEBB6CE8B2109D6C93A
Sample Credits:   with many thanks to Tim Strazzere, April 30, 2012
Research:  
   Security Alert: Gamex Trojan Hides in Root-Required Apps – Tricking Users into Downloads - Lookout

Download (password infected)



Android PJApps - 2011 - Liveprints wallpaper



File: Newfpwap_com_liveprintslivewallpaper.apk
Size: 1316981
MD5:  A84997B0D220E6A63E2943DA64FFA38C
Sample Credits:   with many thanks to anonymous, April 28, 2012
 


Download  - password infected





Friday, April 20, 2012

Android Copy9 - commercial spy app - Potentially Unwanted (PUP app)


File:   Copy9 - commercial product (http://copy9.com - "The Number 1 solution for Spy")
MD5:    69B9691A8274A17CDC22E9681B3E1C74
Sample Credits:   with many thanks to Harsh, April 20, 2012
CleanMX report: http://support.clean-mx.de/clean-mx/viruses?id=1448570
Original location: http://copy9.com/download/copy9_23.apk


Download  - password infected

Wednesday, April 18, 2012

Fake Instagram - Fake App Toll Fraud - Android Malware


File:       Fake Instagram
MD5:    69B9691A8274A17CDC22E9681B3E1C74
Sample Credits:   with many thanks to Tim Strazzere, April 18, 2012
Research:  
The Continuing Saga of Fake App Toll Fraud  - Lookout






Download  - password infected




Android.Qicsomos - Fake CarrierIQ detector-SMS Trojan


File:             Android.Qicsomos.apk
MD5:    69B9691A8274A17CDC22E9681B3E1C74
Sample Credits:   with many thanks to Anonymous, April 17, 2012
Research:  
Symantec: The Day After the Year in Mobile Malware?
Symantec: Android.Qicsomos


Download  - password infected

Wednesday, April 11, 2012

Spyera (Android commercial App) - aka Tigerbot

Looks like Tigerbot is a commercial spy app developed by Spyera.



File: spyera.apk aka Tigerbot
MD5:  9D0B1B6BBC1568A8A0C7F186B8944905
Sample Credits:   with many thanks to Tim Strazzere for the sample and information, Lookout Security, April 11, 2012
Research:   NQ: Security Alert: New Android Malware — TigerBot — Identified in Alternative Markets






Download  - password infected



Saturday, March 31, 2012

Android DKFBootKit (aka LeNa.b and LeNa.c, DroidKungFu variant) - new samples



File: com.rovio.new.ads-LeNa.c.apk
MD5:  3B524DD4A7BBD2DE633EBFCFF167FED2


Research: Security Alert: New Variants of Legacy Native (LeNa) Identified By Tim Wyatt
Sample Credits:   with many thanks to Tim Strazzere, April 3, 2012


File:        com.atools.cuttherope-LeNa.b.apk
MD5:      7503128D14FA8FC6B9B64CE6E9CD90E3
SHA1:     64013d749086e90bdcfccb86146ad6e62b214cfa

Sample Credits:   with many thanks to Tim Strazzere, March 31, 2012

which is the same as LeNa featured below

Monday, March 26, 2012

Android.Stiniter / TGLoader (malware utilizing Root exploit)

File:                 android.dds.com-STiNiTER.apk
MD5:    E9AA097C6E87690F938BE8C75EF91C27
Sample Credits:   with many thanks to Tim Strazzere, March 27, 2012
Research:  
Original Detection Symantec Android.Stiniter
Research:  Security Alert: New TGLoader Android Malware Utilizes the Exploid Root Exploit


Download  - password infected

Thursday, March 15, 2012

Android FakeToken


File: Android Faketoken
MD5:
zip file with the components, not the original apk
 Sample Credits:   with many thanks to anonymous, March 15, 2012
Research:  
Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan by Carlos Castillo



Download  - password infected




Android Opfake aka FakeSMSInstaller


File:  opfake
Sample Credits:   with many thanks to  anonymous, March 12, 2012
Research:  
Android.Opfake.B Adopts Bot Tactics


Download  - password infected 





Thursday, March 1, 2012

Android.Moghava: A Recipe for Mayhem


File: carddeemamaAndroid.apk or irfoods 1.1.apk
MD5:  ec86f084ea0e0d0a33d5f39df19bd7be
Sample Credits:   with many thanks to Sanjay and to anonymous, March 1, 2012
Research:    
Symantec Android.Moghava: A Recipe for Mayhem by  Irfan Asrar


Download  - password infected 



Monday, February 27, 2012

Android FakeAngry - Chinese backdoor


File: fake angry.apk
MD5:  394dc498f9ee2e61fb1959bebe1da2b4
Sample Credits:   with many thanks to Sanjay, February 27, 2012
Research:       
From China with Love: New Android Backdoor Spreading through Hacked Apps By Bogdan Botezatu



Download  - password infected 





Sunday, February 26, 2012

Android.Steek - back from the dead


File: appinventor.ai_joopdamen91.dont_thouch_lite.apk
MD5:  B9430D8CC42230938A353A4B3E4C92F3

File: appinventor.ai_rathiisarun.Ipad2App.apk
MD5:  92c76500a5126f11e392305424771fac

File: appinventor.ai_rathiisarun.XrayScanner.apk
MD5:  3e0ff9d85577e7aab8c3ab0771a87eb5

Sample Credits:   with many thanks to Munaim Ramzan, February 24, 2012
Research:   Appriva: Fraudulent Apps back from the dead by Haroon Malik

P.S. Some say this is not Android Steek

 Download all files - password infected



Saturday, February 11, 2012

Android Malware FakeTimer (via #OCJP)

ANALYSIS: #OCJP-010: 14243444.com bananaxxx.maido3.com(206.223.148.230)

hxxp://www.14243444.com/appli02.php
hxxp://14243444.com/appli02.php
hxxp://206.223.148.230/~pj629g01/appli02.php
hxxp://banana8310.maido3.com/~pj629g01/appli02.php
hxxp://banana3247.maido3.com/~pj629g01/appli02.php
 

File: sp_ntm.apk
Size: 80060
MD5:  44D31414A63A090E5A54670C33E0D1BC

Virustotal

File: sp_mtm.apk
Size: 79930
MD5:  C9C7AE465D712EB79976B34B0F76F1DB

Update Feb. 19.
File: sp_k_test.apk
Size: 80119
MD5:  079B92DF0DA0E57C3DFCD5B8D0D2C82C
Virustotal

Update Feb. 15. 
File: sp_k_test.apk
Size: 79973
MD5:  2B609E4ACFEBBEE57ECF6DDBFD8202D2
https://www.virustotal.com/file/8d9f6939db8f9b54e062403915174431008aa6c87a1803ff9faed072bb7620ee/analysis/

File: sp_btm.apk
Size: 79935
MD5:  CF9BA4996531D40402EFE268C7EFDA91


Virustotal 

Monday, February 6, 2012

Fake SuiConFo.apk - Foncy - Android Trojan SMS

Update: February 6, 2012
File: 56033daef6a020d8e64729acb103f818
Name: FoncySMS
MD5:  56033DAEF6A020D8E64729ACB103F818
Sample Credit:  S.Guerrero February 5, 2012
Research: The Butterfly Effect of a Boundary Check by Sergei Shevchenko



Download - Password infected


Download extracted files

  • /data/data/com.android.bot/files/header01.png (ELF executable).
  • /data/data/com.android.bot/files/footer01.png (ELF executable).
  • /data/data/com.android.bot/files/border01.png (Android app - an APK File).





==========================================================================
Name:                    SuiConFo.apk
MD5:                     1a3fb120e5a4bd51cb999a43e2d06d88
Sample Credits:     many thanks to Ian French, December 8, 2011
Research:           Kaspersky: SMS Trojans: all around the world



Download  - password infected