Android Malware(All Android malware goes here)

Forum for analysis and discussion about malware.
Blaze
Posts: 199
Joined: Fri Aug 27, 2010 7:35 am

Re: Android Malware(All Android malware goes here)

Post by Blaze » Fri Jan 29, 2016 2:20 pm

LockDroid. (~PornDroid spinoff)

See also:
http://www.symantec.com/connect/blogs/a ... inistrator

Would be great if Symantec could provide some more (f)actual information.

Claims to be from the Ministry of Internal Affairs of the Russian Federation. Some samples attached.

Blaze
Posts: 199
Joined: Fri Aug 27, 2010 7:35 am

Re: Android Malware(All Android malware goes here)

Post by Blaze » Fri Feb 19, 2016 9:42 am


boni11
Posts: 4
Joined: Mon Mar 07, 2016 1:20 pm

Re: Android Malware(All Android malware goes here)

Post by boni11 » Mon Mar 07, 2016 1:34 pm

Detailed analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.

http://b0n1.blogspot.com/2016/02/recent ... y-can.html
http://b0n1.blogspot.com/2016/02/androi ... -card.html

Xylitol
Global Moderator
Posts: 1659
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Android Malware(All Android malware goes here)

Post by Xylitol » Mon Mar 14, 2016 5:31 pm

gmbot
http://www.ibtimes.co.uk/google-android ... in-1545345
Archive leak: https://www.virustotal.com/en/file/c542 ... 459365791/

• dns: 1 ›› ip: 88.198.116.209 - adress: BIG-ASSMOVS.TK
• dns: 1 ›› ip: 88.198.116.209 - adress: FACEBOOK-VIDEO-DOWNLOAD.GQ
• dns: 1 ›› ip: 88.198.116.209 - adress: MOVIESEX.CF

https://www.virustotal.com/en/file/cab0 ... 457975774/
https://www.virustotal.com/en/file/3d22 ... 457976274/
https://www.virustotal.com/en/file/58a7 ... 458069950/

boni11
Posts: 4
Joined: Mon Mar 07, 2016 1:20 pm

Re: Android Malware(All Android malware goes here)

Post by boni11 » Tue Mar 15, 2016 10:33 am

Porn clicking Trojan on Google Play can consume more than 3 GB in one day!

Details: http://b0n1.blogspot.com/2016/03/porn-c ... -apps.html
VT samples: http://pastebin.com/4LQpnVmL

boni11
Posts: 4
Joined: Mon Mar 07, 2016 1:20 pm

Re: Android Malware(All Android malware goes here)

Post by boni11 » Fri Mar 18, 2016 8:23 am

Android Ransomware encrypting all the files on the device hiding as porn app
Details: http://b0n1.blogspot.com/2016/03/file-e ... tions.html

ajohnston9
Posts: 1
Joined: Wed Mar 23, 2016 7:32 pm

Re: Android Malware(All Android malware goes here)

Post by ajohnston9 » Wed Mar 30, 2016 5:21 pm

[quote="boni11"]Detailed analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.[/quote]

I've gone through the binary of this bot and can elaborate a bit more:

It seems to go through and exfiltrate vital information from the phone: IMEI, Phone number, installed apps, etc. In addition, it uploads every new text message to its C&C server (running as a hidden service). It appears that it can also take commands sent to it via pinging the C&C server or possibly via text.

There are now multiple variants of this particular virus, all with similar tricks to get a user to install it.

rkhunter
Posts: 1150
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation

Re: Android Malware(All Android malware goes here)

Post by rkhunter » Mon Apr 11, 2016 10:46 am

Android banking trojan masquerades as Flash Player and bypasses 2FA

http://www.welivesecurity.com/2016/03/0 ... ing-users/

SHA-256: fe0e760fbe30b16ddc94ed71d18890d3a0aaec667889184dbcf30f5009ee96e8

Mosh
Posts: 29
Joined: Thu Oct 06, 2011 4:10 pm
Location: Colombia

Re: Android Malware(All Android malware goes here)

Post by Mosh » Fri Apr 22, 2016 10:04 pm

A new image for this Ransomware:

MD5: 825da14a0a6a4528b3fcf6e656a3f463
SHA1: e5bdd38eb212354a484fd8ba1702de97238b04d4
SHA256: 0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f

nyxbone.com
Twitter: @nyxbone

geoffreyvdb
Posts: 16
Joined: Mon Feb 22, 2016 1:00 pm

Re: Android Malware(All Android malware goes here)

Post by geoffreyvdb » Tue May 10, 2016 11:52 am

