See also:
http://www.symantec.com/connect/blogs/a ... inistrator
Would be great if Symantec could provide some more (f)actual information.
Claims to be from the Ministry of Internal Affairs of the Russian Federation. Some samples attached.
Android Malware(All Android malware goes here)
Re: Android Malware(All Android malware goes here)
LockDroid. (~PornDroid spinoff)
See also:
http://www.symantec.com/connect/blogs/a ... inistrator
Would be great if Symantec could provide some more (f)actual information.
Claims to be from the Ministry of Internal Affairs of the Russian Federation. Some samples attached.
See also:
http://www.symantec.com/connect/blogs/a ... inistrator
Would be great if Symantec could provide some more (f)actual information.
Claims to be from the Ministry of Internal Affairs of the Russian Federation. Some samples attached.
You do not have the required permissions to view the files attached to this post.
Re: Android Malware(All Android malware goes here)
MazarBOT. Infostealer.
https://www.csis.dk/en/csis/news/4819/
https://www.csis.dk/en/csis/blog/4835/
https://www.csis.dk/en/csis/news/4819/
https://www.csis.dk/en/csis/blog/4835/
You do not have the required permissions to view the files attached to this post.
Re: Android Malware(All Android malware goes here)
Detail analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.
http://b0n1.blogspot.com/2016/02/recent ... y-can.html
http://b0n1.blogspot.com/2016/02/androi ... -card.html
Analysis of new MazarBOT stealing credit cards in Italy.
http://b0n1.blogspot.com/2016/02/recent ... y-can.html
http://b0n1.blogspot.com/2016/02/androi ... -card.html
You do not have the required permissions to view the files attached to this post.
-
Xylitol
- Global Moderator
- Posts: 1671
- Joined: Sat Apr 10, 2010 5:54 pm
- Location: Seireitei, Soul Society
- Contact:
Re: Android Malware(All Android malware goes here)
gmbot
http://www.ibtimes.co.uk/google-android ... in-1545345
Archive leak: https://www.virustotal.com/en/file/c542 ... 459365791/
• dns: 1 ›› ip: 88.198.116.209 - adress: BIG-ASSMOVS.TK
• dns: 1 ›› ip: 88.198.116.209 - adress: FACEBOOK-VIDEO-DOWNLOAD.GQ
• dns: 1 ›› ip: 88.198.116.209 - adress: MOVIESEX.CF
https://www.virustotal.com/en/file/cab0 ... 457975774/
https://www.virustotal.com/en/file/3d22 ... 457976274/
https://www.virustotal.com/en/file/58a7 ... 458069950/
http://www.ibtimes.co.uk/google-android ... in-1545345
Archive leak: https://www.virustotal.com/en/file/c542 ... 459365791/
• dns: 1 ›› ip: 88.198.116.209 - adress: BIG-ASSMOVS.TK
• dns: 1 ›› ip: 88.198.116.209 - adress: FACEBOOK-VIDEO-DOWNLOAD.GQ
• dns: 1 ›› ip: 88.198.116.209 - adress: MOVIESEX.CF
https://www.virustotal.com/en/file/cab0 ... 457975774/
https://www.virustotal.com/en/file/3d22 ... 457976274/
https://www.virustotal.com/en/file/58a7 ... 458069950/
You do not have the required permissions to view the files attached to this post.
Re: Android Malware(All Android malware goes here)
Porn clicking Trojan on Google Play can consume more than 3 GB in one day!
Details: http://b0n1.blogspot.com/2016/03/porn-c ... -apps.html
VT samples: http://pastebin.com/4LQpnVmL
Details: http://b0n1.blogspot.com/2016/03/porn-c ... -apps.html
VT samples: http://pastebin.com/4LQpnVmL
You do not have the required permissions to view the files attached to this post.
Re: Android Malware(All Android malware goes here)
Android Ransomware encrypting all the files on the device hiding as porn app
Details: http://b0n1.blogspot.com/2016/03/file-e ... tions.html
Details: http://b0n1.blogspot.com/2016/03/file-e ... tions.html
You do not have the required permissions to view the files attached to this post.
-
ajohnston9
- Posts: 1
- Joined: Wed Mar 23, 2016 7:32 pm
Re: Android Malware(All Android malware goes here)
[quote="boni11"]Detail analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.
I've gone through the binary of this bot and can elaborate a bit more:
It seems to go through and exfiltrate vital information from the phone: IMEI, Phone number, installed apps, etc. In addition, it uploads every new text message to its C&C server (running as a hidden service). It appears that it can also take commands sent to it via pinging the C&C server or possibly via text.
There are now multiple variants of this particular virus, all with similar tricks to get a user to install it.
Analysis of new MazarBOT stealing credit cards in Italy.
I've gone through the binary of this bot and can elaborate a bit more:
It seems to go through and exfiltrate vital information from the phone: IMEI, Phone number, installed apps, etc. In addition, it uploads every new text message to its C&C server (running as a hidden service). It appears that it can also take commands sent to it via pinging the C&C server or possibly via text.
There are now multiple variants of this particular virus, all with similar tricks to get a user to install it.
Re: Android Malware(All Android malware goes here)
Android banking trojan masquerades as Flash Player and bypasses 2FA
http://www.welivesecurity.com/2016/03/0 ... ing-users/
SHA-256: fe0e760fbe30b16ddc94ed71d18890d3a0aaec667889184dbcf30f5009ee96e8
http://www.welivesecurity.com/2016/03/0 ... ing-users/
SHA-256: fe0e760fbe30b16ddc94ed71d18890d3a0aaec667889184dbcf30f5009ee96e8
You do not have the required permissions to view the files attached to this post.
Re: Android Malware(All Android malware goes here)
A new image for this Ransomware:
MD5: 825da14a0a6a4528b3fcf6e656a3f463
SHA1: e5bdd38eb212354a484fd8ba1702de97238b04d4
SHA256: 0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f
MD5: 825da14a0a6a4528b3fcf6e656a3f463
SHA1: e5bdd38eb212354a484fd8ba1702de97238b04d4
SHA256: 0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f
You do not have the required permissions to view the files attached to this post.
nyxbone.com
Twitter: @nyxbone
Twitter: @nyxbone
-
geoffreyvdb
- Posts: 16
- Joined: Mon Feb 22, 2016 1:00 pm
Re: Android Malware(All Android malware goes here)
Viking horde botnet
http://blog.checkpoint.com/2016/05/09/v ... ogle-play/
5 of the apks in attach
Most popular one has 50k - 100k downloads
https://apkscan.nviso.be/report/show/ac ... 4e7e1f599a (analysis failed)
https://apkscan.nviso.be/report/show/4e ... ec1f8bb062
https://apkscan.nviso.be/report/show/5d ... 909c0269bf
https://apkscan.nviso.be/report/show/9a ... bdd1050a6c (looks like analysis failed)
https://apkscan.nviso.be/report/show/ad ... 4e506c5a72 (analysis failed but detected as malicious)
http://blog.checkpoint.com/2016/05/09/v ... ogle-play/
5 of the apks in attach
Most popular one has 50k - 100k downloads
https://apkscan.nviso.be/report/show/ac ... 4e7e1f599a (analysis failed)
https://apkscan.nviso.be/report/show/4e ... ec1f8bb062
https://apkscan.nviso.be/report/show/5d ... 909c0269bf
https://apkscan.nviso.be/report/show/9a ... bdd1050a6c (looks like analysis failed)
https://apkscan.nviso.be/report/show/ad ... 4e506c5a72 (analysis failed but detected as malicious)
You do not have the required permissions to view the files attached to this post.