
Monday, February 27, 2012

Android FakeAngry - Chinese backdoor


File: fake angry.apk
MD5:  394dc498f9ee2e61fb1959bebe1da2b4
Sample Credits:   with many thanks to Sanjay, February 27, 2012
Research:       
From China with Love: New Android Backdoor Spreading through Hacked Apps By Bogdan Botezatu



Download  - password infected 





Sunday, February 26, 2012

Android.Steek - back from the dead


File: appinventor.ai_joopdamen91.dont_thouch_lite.apk
MD5:  B9430D8CC42230938A353A4B3E4C92F3

File: appinventor.ai_rathiisarun.Ipad2App.apk
MD5:  92c76500a5126f11e392305424771fac

File: appinventor.ai_rathiisarun.XrayScanner.apk
MD5:  3e0ff9d85577e7aab8c3ab0771a87eb5

Sample Credits:     
with many thanks to Munaim Ramzan, February 24, 2012
Research:              
Appriva: Fraudulent Apps back form the dead by Haroon Malik

P.S. Some say this is not Android Steek

 Download all files - password infected



Saturday, February 11, 2012

Android Malware FakeTimer (via #OCJP)

ANALYSIS: #OCJP-010: 14243444.com bananaxxx.maido3.com(206.223.148.230)

hxxp://www.14243444.com/appli02.php
hxxp://14243444.com/appli02.php
hxxp://206.223.148.230/~pj629g01/appli02.php
hxxp://banana8310.maido3.com/~pj629g01/appli02.php
hxxp://banana3247.maido3.com/~pj629g01/appli02.php
 

File: sp_ntm.apk
Size: 80060
MD5:  44D31414A63A090E5A54670C33E0D1BC

Virustotal

File: sp_mtm.apk
Size: 79930
MD5:  C9C7AE465D712EB79976B34B0F76F1DB

Update Feb. 19.
File: sp_k_test.apk
Size: 80119
MD5:  079B92DF0DA0E57C3DFCD5B8D0D2C82C
Virustotal

Update Feb. 15. 
File: sp_k_test.apk
Size: 79973
MD5:  2B609E4ACFEBBEE57ECF6DDBFD8202D2
https://www.virustotal.com/file/8d9f6939db8f9b54e062403915174431008aa6c87a1803ff9faed072bb7620ee/analysis/

File: sp_btm.apk
Size: 79935
MD5:  CF9BA4996531D40402EFE268C7EFDA91


Virustotal 

Monday, February 6, 2012

Fake SuiConFo.apk - Foncy - Android Trojan SMS

Update: February 6, 2012
File: 56033daef6a020d8e64729acb103f818
Name: FoncySMS
MD5:  56033DAEF6A020D8E64729ACB103F818
Sample Credit:  S.Guerrero February 5, 2012
Research: The Butterfly Effect of a Boundary Check by Sergei Shevchenko



Download - Password infected


Download extracted files

  • /data/data/com.android.bot/files/header01.png (ELF executable).
  • /data/data/com.android.bot/files/footer01.png (ELF executable).
  • /data/data/com.android.bot/files/border01.png (Android app - an APK File).





==========================================================================
Name:                    SuiConFo.apk
MD5:                     1a3fb120e5a4bd51cb999a43e2d06d88
Sample Credits:     many thanks to Ian French, December 8, 2011
Research:           Kaspersky: SMS Trojans: all around the world



Download  - password infected



Friday, February 3, 2012

Android Rootsmart malware utilizing Gingerbreak Root exploit


File:                        com.google.android.smart.apk
MD5:                     F70664BB0D45665E79BA9113C5E4D0F4
Sample Credits:   with many thanks to Sanjay and anonymous, February 3, 2012
Research:          
Security Alert: New RootSmart Android Malware Utilizes the GingerBreak Root Exploit  


Download  - password infected 





Thursday, February 2, 2012

Android VoiceChanger - Israel Premium dialer


File:                        com.VoiceChange.VoiceChangeIL-1.4.apk
MD5:                     5e50470e09f83036a91d0a5e528cb01a
Sample Credits:   with many thanks to Sanjay, February 2, 2012
Research:           
Voice changer or voice charger? by Elad Shapira - AVG



Download  - password infected