Sunday, May 15, 2016

Mobile Malware Hits Google Play, Thousands of Users Affected

We have recently intercepted an ongoing malicious campaign that uses Google Play to serve malicious software to unsuspecting users.

In this post, we'll profile the campaign, provide the malicious MD5s, expose the malicious infrastructure behind it, and outline the tactics, techniques and procedures of the cybercriminals behind it.

Malicious MD5s known to be part of the campaign:
MD5: 4cbc7513072a1c0b03f7cedc6d058af4
MD5: 4defc5803de76f506bfc3a6c2c90bd87
MD5: 13647981b37f0c038e096c58b8962f95

Once executed, the sample phones back to the following C&C servers:
hxxp://petrporosya.com/123/ - 185.106.92.110
hxxp://78.46.123.205/111/inj/paypal/paypal.php

Also known to have resolved to the same C&C server IP (185.106.92.110) is the following malicious domain:
hxxp://traktorporosya.com

Related malicious MD5s known to have phoned back to the same malicious C&C server (185.106.92.110):
MD5: a765d6c0c046ffb88f825b3189f02148
MD5: 48cd9d9e03f92743b673a0c8ce58704a
MD5: 58f02914791f1e3075d574e288c80a26
MD5: 09f3f1bd2e91fb5af0c71db307777bbb
MD5: 568ef0fb4d645350b65edb031f4ade2f
MD5: d06ec8b877e2f0f73c4533c4c105acb8

Related malicious MD5s known to have phoned back to the same malicious C&C server (78.46.123.205):
MD5: 32c8af7e7e9076b35dde4d677b14e594
MD5: 27e4b9ae53c2300723c267cf67b930bf
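To make the indicators above directly usable, here is an added example (my own code, not part of the original post or of the samples it describes) that turns them into a small IOC matcher: it re-fangs the `hxxp://` URLs, flags proxy-log entries that contact the listed C&C hosts, IPs or URL paths, and checks file hashes against the MD5 list. The proxy log lines, the Squid-like log layout, and the function names are constructed assumptions for illustration; only the hashes, hosts, IPs and paths come from the page.

```python
"""IOC matcher for the campaign described above.

Added example, not part of the original post. The MD5s, C&C hosts, IPs and
URL paths are the ones listed on the page; the log lines, the log layout and
the function names are constructed assumptions for illustration.
"""
import hashlib
import re
from pathlib import Path

# MD5s listed on the page (all three lists), lower-case for comparison.
MALICIOUS_MD5S = {
    "4cbc7513072a1c0b03f7cedc6d058af4",
    "4defc5803de76f506bfc3a6c2c90bd87",
    "13647981b37f0c038e096c58b8962f95",
    "a765d6c0c046ffb88f825b3189f02148",
    "48cd9d9e03f92743b673a0c8ce58704a",
    "58f02914791f1e3075d574e288c80a26",
    "09f3f1bd2e91fb5af0c71db307777bbb",
    "568ef0fb4d645350b65edb031f4ade2f",
    "d06ec8b877e2f0f73c4533c4c105acb8",
    "32c8af7e7e9076b35dde4d677b14e594",
    "27e4b9ae53c2300723c267cf67b930bf",
}

# C&C domains and IPs listed on the page.
C2_HOSTS = {"petrporosya.com", "traktorporosya.com"}
C2_IPS = {"185.106.92.110", "78.46.123.205"}
# URL paths seen in the callbacks; a path-only match is weaker evidence than a host/IP match.
C2_PATHS = ("/123/", "/111/inj/paypal/paypal.php")

# scheme (optional) / host / optional port / path
HOST_RE = re.compile(r"^(?:https?://)?([^/:]+)(?::\d+)?(/.*)?$", re.I)


def refang(url: str) -> str:
    """Turn a defanged 'hxxp://' indicator (as written on the page) back into a real scheme."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I)


def classify_url(url: str) -> list[str]:
    """Return the reasons a URL matches the campaign's C&C indicators (empty list if none)."""
    m = HOST_RE.match(refang(url))
    if not m:
        return []
    host, path = m.group(1).lower(), m.group(2) or "/"
    reasons = []
    if host in C2_HOSTS:
        reasons.append(f"c2-host:{host}")
    if host in C2_IPS:
        reasons.append(f"c2-ip:{host}")
    for p in C2_PATHS:
        if path.startswith(p):
            reasons.append(f"c2-path:{p}")
    return reasons


def scan_proxy_log(lines) -> list[tuple[str, list[str]]]:
    """Scan Squid-style lines ('<ts> <client_ip> <method> <url> <status>') and
    return (client_ip, reasons) for every request that hits a C&C indicator."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or blank line
        reasons = classify_url(parts[3])
        if reasons:
            hits.append((parts[1], reasons))
    return hits


def md5_hex(data: bytes) -> str:
    """Hex MD5 of a byte string (MD5 is used only because the IOCs are published as MD5s)."""
    return hashlib.md5(data).hexdigest()


def is_known_malicious_md5(digest: str) -> bool:
    """Case-insensitive lookup of a hex MD5 in the published list."""
    return digest.strip().lower() in MALICIOUS_MD5S


def scan_directory(root: Path) -> list[Path]:
    """Return every file under root whose MD5 is in the published list."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file() and is_known_malicious_md5(md5_hex(p.read_bytes())):
            hits.append(p)
    return hits


# Constructed sample proxy log (assumption: not real traffic from the campaign).
SAMPLE_PROXY_LOG = """\
1463300001.123 10.0.0.7 GET http://petrporosya.com/123/ 200
1463300002.456 10.0.0.9 GET http://www.example.com/index.html 200
1463300003.789 10.0.0.7 POST http://78.46.123.205/111/inj/paypal/paypal.php 200
""".splitlines()


if __name__ == "__main__":
    for client, reasons in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(client, ", ".join(reasons))
```

Run it as-is to see the two constructed callbacks from 10.0.0.7 flagged, or point `scan_directory` at a folder of collected APKs. Hashes are the weakest of these indicators (a recompiled sample changes its MD5 while the C&C infrastructure usually stays the same), so treat a host or IP match as the stronger signal and a bare path match as a lead to investigate rather than a verdict.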

We'll continue monitoring the campaign and post updates as soon as new developments take place.