
Re: Android Malware(All Android malware goes here)

Posted: Fri Jan 29, 2016 2:20 pm
by Blaze
LockDroid. (~PornDroid spinoff)

See also:
http://www.symantec.com/connect/blogs/a ... inistrator

Would be great if Symantec could provide some more (f)actual information.

Claims to be from the Ministry of Internal Affairs of the Russian Federation. Some samples attached.

Re: Android Malware(All Android malware goes here)

Posted: Fri Feb 19, 2016 9:42 am
by Blaze

Re: Android Malware(All Android malware goes here)

Posted: Mon Mar 07, 2016 1:34 pm
by boni11
Detailed analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.

http://b0n1.blogspot.com/2016/02/recent ... y-can.html
http://b0n1.blogspot.com/2016/02/androi ... -card.html

Re: Android Malware(All Android malware goes here)

Posted: Mon Mar 14, 2016 5:31 pm
by Xylitol
gmbot
http://www.ibtimes.co.uk/google-android ... in-1545345
Archive leak: https://www.virustotal.com/en/file/c542 ... 459365791/

• dns: 1 ›› ip: 88.198.116.209 - adress: BIG-ASSMOVS.TK
• dns: 1 ›› ip: 88.198.116.209 - adress: FACEBOOK-VIDEO-DOWNLOAD.GQ
• dns: 1 ›› ip: 88.198.116.209 - adress: MOVIESEX.CF

https://www.virustotal.com/en/file/cab0 ... 457975774/
https://www.virustotal.com/en/file/3d22 ... 457976274/
https://www.virustotal.com/en/file/58a7 ... 458069950/

Re: Android Malware(All Android malware goes here)

Posted: Tue Mar 15, 2016 10:33 am
by boni11
Porn clicking Trojan on Google Play can consume more than 3 GB in one day!

Details: http://b0n1.blogspot.com/2016/03/porn-c ... -apps.html
VT samples: http://pastebin.com/4LQpnVmL

Re: Android Malware(All Android malware goes here)

Posted: Fri Mar 18, 2016 8:23 am
by boni11
Android ransomware encrypting all the files on the device, hiding as a porn app
Details: http://b0n1.blogspot.com/2016/03/file-e ... tions.html

Re: Android Malware(All Android malware goes here)

Posted: Wed Mar 30, 2016 5:21 pm
by ajohnston9
[quote="boni11"]Detailed analysis of MazarBOT - locking and erasing the device.
Analysis of new MazarBOT stealing credit cards in Italy.[/quote]

I've gone through the binary of this bot and can elaborate a bit more:

It seems to go through and exfiltrate vital information from the phone: IMEI, Phone number, installed apps, etc. In addition, it uploads every new text message to its C&C server (running as a hidden service). It appears that it can also take commands sent to it via pinging the C&C server or possibly via text.

There are now multiple variants of this particular virus, all with similar tricks to get a user to install it.

Re: Android Malware(All Android malware goes here)

Posted: Mon Apr 11, 2016 10:46 am
by rkhunter
Android banking trojan masquerades as Flash Player and bypasses 2FA

http://www.welivesecurity.com/2016/03/0 ... ing-users/

SHA-256: fe0e760fbe30b16ddc94ed71d18890d3a0aaec667889184dbcf30f5009ee96e8

Re: Android Malware(All Android malware goes here)

Posted: Fri Apr 22, 2016 10:04 pm
by Mosh
A new image for this Ransomware:

MD5: 825da14a0a6a4528b3fcf6e656a3f463
SHA1: e5bdd38eb212354a484fd8ba1702de97238b04d4
SHA256: 0daee2e56a7a79e15dcb804a211453718c844f8d7688b87337dcfb8f1063722f


Re: Android Malware(All Android malware goes here)

Posted: Tue May 10, 2016 11:52 am
by geoffreyvdb