Thursday, November 09, 2017

New Mobile Malware Spotted in the Wild, Hundreds of Users Affected

We've recently, intercepted, a currently, circulating, malicious, spam, campaign, affecting, hundreds, of users, globally, potentially, exposing, the, confidentiality, availability, and, integrity, of, their, devices, to, a, multi-tude, of, malicious, software. Largely, relying, on, a, multi-tude, of social engineering, vectors, the, cybercriminals, behind, the, campaign, have, managed, to, successfully, impersonate, Adobe Flash Player, users, into, thinking, that, they're, visiting, a, legitimate, Web
site, on, their, way, to, infect, their, devices, relying, on, bogus "Please update Flash on your device", messages.

Over, the, last, couple, of, years, we've, been, monitoring, an, increase, in rogue Google Play, type, of, Android, applications, capable, rogue online Web sites, tricking, tens, of, thousands, of, users, on, a, daily, basis, into, installation, rogue, applications, largely, relying, on, a, multi-tude, of, social engineering, vectors. Next, to, rogue, online, Web, sites, we've, been, also, actively, monitoring, an, increase, in, compromised, Web sites, serving, malicious, software, potentially, exposing, the, confidentiality, availability, and, integrity, of, their, devices, to, a, multi-tude, of, malicious, software. We've, been, also, busy, monitoring, an, increase, in, ongoing, monetizing, of, hijacked, traffic, type, of, underground, market, traffic, exchanges, with, more, cybercriminals, successfully, monetizing, the, hijacked, traffic, while, earning, fraudulent, revenue, in the, process.

In, this, post, we'll, profile, the, malicious, campaign, provide, actionable, intelligence, on, the, infrastructure, behind, it, and, discuss, in-depth, the, tactics, techniques, and, procedures, of, the, cybercriminals, behind, it.

Related malicious MD5s known to have participated in the campaign:
MD5: 288ad03cc9788c0855d446e34c7284ea

Related malicious URLS known to have participated in the campaign:
hxxp://brutaltube4mobile.com - 37.1.200.202
hxxp://xxxvideotube.org - 5.45.112.27; 37.140.192.196; 184.82.244.166

Known to have responded to the same malicious C&C server IP (37.1.200.202), are, also, the following malicious domains:
hxxp://nudism-nudist.com
hxxp://yumail.site
hxxp://hot-images.xyz
hxxp://nudism-klub.com
hxxp://nudism-nudist.com
hxxp://family-naturism.org
hxxp://teen-nudism.com
hxxp://family-naturism.net
hxxp://teen-media.net
hxxp://01hosting.biz
hxxp://jp-voyeur.com
hxxp://link-protector.biz
hxxp://brutaltube4mobile.com
hxxp://adobeupdate.org
hxxp://australiamms.com
hxxp://brutaltube4mobile.com
hxxp://donttreadonmike.com
hxxp://german-torrent.com
hxxp://fondazion.com
hxxp://derechosmadre.org
hxxp://torsearch.net
hxxp://4mytelecharger55.net
hxxp://4mytelecharger66.net
hxxp://fondazion.net
hxxp://fondazion.org
hxxp://sevajug.org
hxxp://defilez2.net
hxxp://downloadfrance22.com
hxxp://derechosmadretierra.org

Related malicious MD5s, known, to, have, phoned, back, to, the, same, C&C server IPs (brutaltube4mobile.com - 37.1.200.202):
MD5: 18327d619484112f81dc7da4169ba088
MD5: 090f7349fef4e1624393383e145d5982
MD5: d2e3d9d0e599cfce1af8b2777c3a071a

Related malicious MD5s known to have phoned back to the same C&C server IP (xxxvideotube.org - 5.45.112.27; 37.140.192.196; 184.82.244.166):
MD5: 288ad03cc9788c0855d446e34c7284ea

Once executed a sample malware phones back to the following C&C server IPs:
hxxp://5.196.121.148

Related malicious MD5s known to have phoned back to the same C&C server IP (5.196.121.148):
MD5: 7bef1c5e0dcf5f6fd152c0723993e378
MD5: 10e6c3f050b24583abf708d6afb34db2
MD5: 5a122660a3d54d9221500224f103d7b0

Thanks, to, the, overall, availability, of, mobile, affiliate, network, type, of, monetization, vectors, we, expect, to, continue, observing, an, increase, in, mobile, malware, type, of, fraudulent, and, rogue, Web sites, serving, malicious, software, to, unsuspecting, users, internationally.

We'll, continue, monitoring, the, market, segment, for, mobile, malware, and, post, updated, as, soon, as, new, developments, take, place.