Mobile Malware Intercepted, Hundreds of Users Affected
We've, recently, intercepted, a currently, circulating, malicious, campaign, exposing, Google Play, users, to, a variety, of malicious, software, exposing, the confidentiality, integrity, and availability, of, their, devices, to, a multi-tude, of, malicious, software.
In this, post, we'll, profile, the, campaign, provide, malicious, MD5s, expose, the, infrastructure, behind, it, and, discuss, in depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind, it.
Malicious MD5s known to have participated in the campaign:
MD5: f6aedc30fdab1b0a0bfebb3d51cb82ea
Related malicious MD5s known to have participated in the campaign:
MD5: ff844a8bb40da72b5c9f3a8c3cda7c9d051921e6
MD5: 83e56809b1662be002f4e1c4bcd3aef90d060d8f
MD5: 7c3f693d0b0ea6c6fdbb078e56d7e71ffaf648b8
MD5: 9e36414341e4dbaa113980f7d900e0ac4baa4103
MD5: 21266e72c8becbb439cb6d77f174b5eccefa2769
Once executed a sample malware phones back to the following C&C server:
hxxp://193.201.224.22
hxxp://85.143.221.46
hxxp://85.143.219.118
Known to have phoned back to the same C&C server IP(193.201.224.22) are also the following malicious MD5s:
MD5: 99f66211f75ace7d103fc2fbc147cd8c
MD5: ab712f0c6339d2c33cf34df44da972b8
MD5: d66f59cd897e5992c4dca3c6f6d198ce
MD5: 635fbe342c0732294db648e36b8e0a58
We'll continue, monitoring, the, campaign, and, post, updates, as, soon, as, new, developments, take, place.
In this, post, we'll, profile, the, campaign, provide, malicious, MD5s, expose, the, infrastructure, behind, it, and, discuss, in depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind, it.
Malicious MD5s known to have participated in the campaign:
MD5: f6aedc30fdab1b0a0bfebb3d51cb82ea
Related malicious MD5s known to have participated in the campaign:
MD5: ff844a8bb40da72b5c9f3a8c3cda7c9d051921e6
MD5: 83e56809b1662be002f4e1c4bcd3aef90d060d8f
MD5: 7c3f693d0b0ea6c6fdbb078e56d7e71ffaf648b8
MD5: 9e36414341e4dbaa113980f7d900e0ac4baa4103
MD5: 21266e72c8becbb439cb6d77f174b5eccefa2769
Once executed a sample malware phones back to the following C&C server:
hxxp://193.201.224.22
hxxp://85.143.221.46
hxxp://85.143.219.118
Known to have phoned back to the same C&C server IP(193.201.224.22) are also the following malicious MD5s:
MD5: 99f66211f75ace7d103fc2fbc147cd8c
MD5: ab712f0c6339d2c33cf34df44da972b8
MD5: d66f59cd897e5992c4dca3c6f6d198ce
MD5: 635fbe342c0732294db648e36b8e0a58
We'll continue, monitoring, the, campaign, and, post, updates, as, soon, as, new, developments, take, place.
About the author
Donec non enim in turpis pulvinar facilisis. Ut felis. Praesent dapibus, neque id cursus faucibus. Aenean fermentum, eget tincidunt.
