We've recently intercepted a currently circulating malicious spam campaign affecting hundreds of users globally, potentially exposing the confidentiality, availability, and integrity of their devices to a multitude of malicious software. Largely relying on a set of social engineering vectors, cybercriminals continue monetizing and earning fraudulent revenue while affecting hundreds of thousands of users globally.

Thanks to the wide availability of affiliate-based monetization approaches, cybercriminals continue to successfully monetize hijacked and underground-market-acquired traffic, earning fraudulent revenue in the process.

In this post, we'll profile the campaign, provide actionable intelligence on the infrastructure behind it, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.
Related malicious MD5s known to have participated in the campaign:

MD5: 7197d23e61909aa16cd637cdba818ae7
MD5: 28bae60a1700b768de0a33275c22bee5
Once executed, a sample malware phones back to the following C&C server IPs:
Related malicious MD5s known to have phoned back to the same C&C server IPs (android2update.com - 52.28.249.128; 52.28.3.6):
Related malicious MD5s known to have participated in the campaign:
Related malicious MD5s known to have participated in the campaign:
We'll continue monitoring the market segment for mobile malware and post updates as soon as new developments take place.