Tuesday, September 06, 2016

New Mobile Malware Intercepted in the Wild, Hundreds of Users Affected

We've recently intercepted a currently circulating malicious spam campaign affecting hundreds of users globally, potentially exposing the confidentiality, availability and integrity of their devices to a multitude of malicious software. Largely relying on a set of social engineering vectors, cybercriminals continue monetizing and earning fraudulent revenue while affecting hundreds of thousands of users globally.

Thanks to the overall availability of affiliate-based monetization approaches, cybercriminals continue to successfully monetize hijacked and acquired underground-market traffic for the purpose of earning fraudulent revenue in the process.

In this post we'll profile the campaign, provide actionable intelligence on the infrastructure behind it, and discuss in depth the tactics, techniques and procedures of the cybercriminals behind it.

Related malicious MD5s known to have participated in the campaign:
MD5: 7197d23e61909aa16cd637cdba818ae7
MD5: 28bae60a1700b768de0a33275c22bee5

Once executed, the sampled malware phones back to the following C&C servers (domains and IPs):
hxxp://android2update.com - 52.28.249.128; 52.28.3.6
hxxp://androidversion.net - 52.28.249.128; 52.28.3.6
hxxp://androidssafe.com
hxxp://getupdateandroid.com
hxxp://updateandroid.biz
hxxp://softthrifty.com - 131.253.18.12
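As an added example (not code from the original post), the C&C list above in its defanged "hxxp://domain - ip; ip" form can be parsed into indicator sets and matched against outbound proxy logs; the log layout and the sample log lines are constructed for this example, and subdomain matching is applied so that hosts under a listed domain are caught as well.

```python
import re
from ipaddress import ip_address
# Indicator lines as listed in the post above (defanged "hxxp://" form).
RAW_INDICATORS = """
hxxp://android2update.com - 52.28.249.128; 52.28.3.6
hxxp://androidversion.net - 52.28.249.128; 52.28.3.6
hxxp://androidssafe.com
hxxp://getupdateandroid.com
hxxp://updateandroid.biz
hxxp://softthrifty.com - 131.253.18.12
"""

# One indicator per line: "hxxp://<domain>" optionally followed by " - <ip>; <ip>".
_LINE_RE = re.compile(r"^hxxps?://([^\s/]+)(?:\s*-\s*(.*))?$", re.M)
def parse_indicators(text):
    """Return (domains, ips) as sets, refanged and validated."""
    domains, ips = set(), set()
    for m in _LINE_RE.finditer(text):
        domains.add(m.group(1).lower())
        for ip in (m.group(2) or "").split(";"):
            if ip.strip():
                ips.add(str(ip_address(ip.strip())))  # raises on a malformed IP
    return domains, ips

def matches_indicator(host, domains):
    """True if host equals, or is a subdomain of, a listed C&C domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def scan_proxy_log(lines, domains, ips):
    """Return [(line_no, matched_value)] for lines that hit a domain or IP.
    Assumed log layout: '<ts> <client_ip> <dest_host> <dest_ip> <method> <path>'."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue
        dest_host, dest_ip = parts[2], parts[3]
        if matches_indicator(dest_host, domains):
            hits.append((n, dest_host))
        elif dest_ip in ips:
            hits.append((n, dest_ip))
    return hits

# Constructed sample proxy-log lines (not from the post); lines 2 and 3 should hit.
SAMPLE_LOG = [
    "2016-09-06T10:01:02Z 10.0.0.5 www.example.com 93.184.216.34 GET /",
    "2016-09-06T10:01:09Z 10.0.0.5 cdn.android2update.com 52.28.3.6 GET /update.apk",
    "2016-09-06T10:02:11Z 10.0.0.7 203.0.113.9 131.253.18.12 GET /a",
]
```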

Related malicious MD5s known to have phoned back to the same C&C server IPs (android2update.com - 52.28.249.128; 52.28.3.6):

Related malicious MD5s known to have participated in the campaign:

Related malicious MD5s known to have participated in the campaign:
MD5: ecbbce17053d6eaf9bf9cb7c71d0af8d
MD5: b1ae0d9a2792193bff8c129c80180ab0
MD5: e98791dffcc0a8579ae875149e3c8e5e

We'll continue monitoring the mobile malware market segment and post updates as soon as new developments take place.