Clicky

Sunday, November 24, 2013

Fake Taobao - Android infostealer

MD5:  45DAE1EE4CA1980C140CB5C9DA2A7ED5

Research: http://www.symantec.com/security_response/writeup.jsp?docid=2013-062518-4057-99

The Trojan sends the following information to a specific phone number:
Taobao user name
Taobao password
Zhifubao user name
Zhifubao password
The Trojan requires another .apk file to be downloaded so it can forward SMS messages to the specific phone number.


Download. Email me if you need the password. 





https://www.virustotal.com/en/file/530237765ca1acf651106bfa14dc800bc1e953b4cf65d308f66b0f6298e26a9b/analysis/
SHA256: 530237765ca1acf651106bfa14dc800bc1e953b4cf65d308f66b0f6298e26a9b
File name: 45DAE1EE4CA1980C140CB5C9DA2A7ED5.FFA14F87
Detection ratio: 22 / 47
Analysis date: 2013-11-19 01:31:54 UTC ( 6 days, 2 hours ago )

Antivirus Result Update
Comodo UnclassifiedMalware 20131119
F-Secure Trojan:Android/SmsSpy.AF 20131119
NANO-Antivirus Trojan.SmsSend.clltwg 20131119
VIPRE Trojan.AndroidOS.Generic.A 20131119
Baidu-International Trojan.Android.Spy.Agent.I 20131118
TrendMicro-HouseCall TROJ_GEN.F47V1025 20131119
Ikarus Spy.AndroidOS 20131119
Kaspersky HEUR:Trojan-Spy.AndroidOS.SmForw.r 20131119
McAfee Artemis!45DAE1EE4CA1 20131119
McAfee-GW-Edition Artemis!45DAE1EE4CA1 20131118
F-Prot AndroidOS/Stealer.C 20131119
Commtouch AndroidOS/GenBl.85110647!Olympus 20131119
Avast Android:Agent-AYN [Trj] 20131119
AntiVir Android/Agent.I.17 20131119
Fortinet Android/Agent.I!tr.spy 20131118
Emsisoft Android.Trojan.SmsSpy.AD (B) 20131119
MicroWorld-eScan Android.Trojan.SmsSpy.AD 20131119
BitDefender Android.Trojan.SmsSpy.AD 20131119
GData Android.Trojan.SmsSpy.AD 20131118
Kingsoft Android.Troj.at_Faketaobao.c.(kcloud) 20130829
DrWeb Android.SmsSend.790.origin 20131119
ESET-NOD32 a variant of Android/Spy.Agent.I 20131119

No comments:

Post a Comment