Monday, May 30, 2016

Mobile Malware Hits Google Play, Hundreds of Users Affected

We've recently intercepted a currently circulating malicious campaign affecting hundreds of Google Play users, potentially exposing the confidentiality, integrity, and availability of their devices to a variety of malicious software.

In this post, we'll profile the campaign, provide malicious MD5s, expose the infrastructure behind it, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.

Malicious MD5s known to have participated in the campaign:
MD5: 3f57dfe0ca2440bf03fda3e3b1295edc

Once executed, the sample phones back to the following C&C server:
hxxp://37.1.207.31/api/?id=5

Related malicious MD5s known to have been downloaded from the same C&C server (37.1.207.31):

Related malicious MD5s known to have phoned back to the same C&C server (37.1.207.31):

We'll continue monitoring the campaign and post updates as soon as new developments take place.