Android Malware(All Android malware goes here)

Forum for analysis and discussion about malware.

Re: Android Malware(All Android malware goes here)

Post by Blaze » Fri Jan 29, 2016 2:20 pm

LockDroid. (~PornDroid spinoff)

See also:
http://www.symantec.com/connect/blogs/a ... inistrator

Would be great if Symantec could provide some more (f)actual information.

Claims to be from the Ministry of Internal Affairs of the Russian Federation. Some samples attached.
Follow me on Twitter: @bartblaze

Re: Android Malware(All Android malware goes here)

Post by Blaze » Fri Feb 19, 2016 9:42 am


Re: Android Malware(All Android malware goes here)

Post by boni11 » Mon Mar 07, 2016 1:34 pm

Detailed analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.

http://b0n1.blogspot.com/2016/02/recent-mazarbot-targeting-mobilepay-can.html
http://b0n1.blogspot.com/2016/02/android-mazarbot-stealing-credit-card.html

Re: Android Malware(All Android malware goes here)

Post by Xylitol » Mon Mar 14, 2016 5:31 pm

gmbot
http://www.ibtimes.co.uk/google-android ... in-1545345
Archive leak: https://www.virustotal.com/en/file/c542 ... 459365791/

• dns: 1 ›› ip: 88.198.116.209 - adress: BIG-ASSMOVS.TK
• dns: 1 ›› ip: 88.198.116.209 - adress: FACEBOOK-VIDEO-DOWNLOAD.GQ
• dns: 1 ›› ip: 88.198.116.209 - adress: MOVIESEX.CF

https://www.virustotal.com/en/file/cab0 ... 457975774/
https://www.virustotal.com/en/file/3d22 ... 457976274/
https://www.virustotal.com/en/file/58a7 ... 458069950/

Re: Android Malware(All Android malware goes here)

Post by boni11 » Tue Mar 15, 2016 10:33 am

Porn clicking Trojan on Google Play can consume more than 3 GB in one day!

Details: http://b0n1.blogspot.com/2016/03/porn-c ... -apps.html
VT samples: http://pastebin.com/4LQpnVmL

Re: Android Malware(All Android malware goes here)

Post by boni11 » Fri Mar 18, 2016 8:23 am

Android ransomware encrypting all the files on the device, hiding as a porn app
Details: http://b0n1.blogspot.com/2016/03/file-e ... tions.html

Re: Android Malware(All Android malware goes here)

Post by ajohnston9 » Wed Mar 30, 2016 5:21 pm

[quote="boni11"]Detailed analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.[/quote]

I've gone through the binary of this bot and can elaborate a bit more:

It seems to go through and exfiltrate vital information from the phone: IMEI, Phone number, installed apps, etc. In addition, it uploads every new text message to its C&C server (running as a hidden service). It appears that it can also take commands sent to it via pinging the C&C server or possibly via text.

There are now multiple variants of this particular virus, all with similar tricks to get a user to install it.

Re: Android Malware(All Android malware goes here)

Post by rkhunter » Mon Apr 11, 2016 10:46 am

Android banking trojan masquerades as Flash Player and bypasses 2FA

http://www.welivesecurity.com/2016/03/0 ... ing-users/

SHA-256: fe0e760fbe30b16ddc94ed71d18890d3a0aaec667889184dbcf30f5009ee96e8

Re: Android Malware(All Android malware goes here)

Post by Mosh » Fri Apr 22, 2016 10:04 pm

A new image for this Ransomware:

MD5: 825da14a0a6a4528b3fcf6e656a3f463
SHA1: e5bdd38eb212354a484fd8ba1702de97238b04d4
SHA256: 0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f

nyxbone.com
Twitter: @nyxbone

Re: Android Malware(All Android malware goes here)

Post by geoffreyvdb » Tue May 10, 2016 11:52 am
