There's no such thing as free porn, unless there are client-side exploits being served.
We've recently intercepted a currently circulating malicious spam campaign enticing end users into clicking on malware-serving content with embedded client-side exploits, for the purpose of compromising the socially engineered user's host and further monetizing that access through a rogue affiliate-network based monetization scheme.
In this post we'll profile the campaign, provide actionable intelligence on the infrastructure behind it, and discuss in depth the tactics, techniques and procedures of the cybercriminals behind it.
Sample malicious URL known to have participated in the campaign:
hxxp://jfkweb.chez.com/HytucztXRs.html? -> hxxp://aboutg.dothome.co.kr/bbs/theme_1_1_1.php -> http://aboutg.dothome.co.kr/bbs/theme_1_1_1.php?s=hvqCgoLEI&id=6 -> http://aboutg.dothome.co.kr/bbs/theme_1_1_1.php?s=hvqCgoLEI&id=14 -> hxxp://meganxoxo.com - 74.222.13.2 - associated name servers: ns1.tube310.info; ns2.tube310.info - 74.222.13.24
Parked there (74.222.13.2) are also:
hxxp://e-leaderz.com - Email: seoproinc@gmail.com
hxxp://babes4you.info - 74.222.13.25
hxxp://tubexxxx.info
hxxp://my-daddy.info - 74.222.13.25
Related malicious URLs known to have participated in the campaign:
The exploitation structure is as follows:
hxxp://meganxoxo.com/xox/go.php?sid=6 -> hxxp://kibristkd.org.tr/hasan-ikizer/index01.php -> hxxp://fd1a234sa.com/js - 79.135.152.26 -> hxxp://asf356ydc.com/qual/index.php - CVE-2008-2992; CVE-2009-0927; CVE-2010-0886 -> hxxp://asf356ydc.com/qual/52472f502b9688d3326a32ed5ddd5d2c.js -> hxxp://asf356ydc.com/qual/abe9c321312b206bffa798ef9d5b6a9b.php?uid=206369 -> hxxp://188.243.231.39/public/qual.jar -> hxxp://asf356ydc.com/qual/load.php/0a3584217553d6fccbd74cfb73e954b6?forum=thread_id -> hxxp://asf356ydc.com/download/stat.php -> hxxp://asf356ydc.com/download/load/load.exe
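To turn a redirect chain written in the notation used above into a deduplicated indicator set (domains, IPs, CVE references, final payload URL) for a blocklist or a retro-hunt over proxy logs, here is an added Python example; it is not the post's own tooling, and the stage labels are my own file-extension heuristic, not something the post states.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Exploitation chain exactly as the post lists it (left defanged with "hxxp").
CHAIN = (
    "hxxp://meganxoxo.com/xox/go.php?sid=6 -> "
    "hxxp://kibristkd.org.tr/hasan-ikizer/index01.php -> "
    "hxxp://fd1a234sa.com/js - 79.135.152.26 -> "
    "hxxp://asf356ydc.com/qual/index.php - CVE-2008-2992; CVE-2009-0927; CVE-2010-0886 -> "
    "hxxp://asf356ydc.com/qual/52472f502b9688d3326a32ed5ddd5d2c.js -> "
    "hxxp://asf356ydc.com/qual/abe9c321312b206bffa798ef9d5b6a9b.php?uid=206369 -> "
    "hxxp://188.243.231.39/public/qual.jar -> "
    "hxxp://asf356ydc.com/qual/load.php/0a3584217553d6fccbd74cfb73e954b6?forum=thread_id -> "
    "hxxp://asf356ydc.com/download/stat.php -> "
    "hxxp://asf356ydc.com/download/load/load.exe"
)

URL_RE = re.compile(r"^(?:hxxps?|https?)://(?P<host>[^/\s?]+)(?P<path>\S*)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Hop:
    url: str                      # kept defanged, as written in the post
    host: str
    path: str
    ips: list[str] = field(default_factory=list)
    cves: list[str] = field(default_factory=list)
    stage: str = "other"          # file-extension heuristic, see classify()


def classify(path: str) -> str:
    """Rough role of a hop, judged from the file extension only (a heuristic, not ground truth)."""
    lower = path.split("?", 1)[0].lower()
    if lower.endswith(".exe"):
        return "payload"
    if lower.endswith(".jar"):
        return "java-applet"
    if lower.endswith(".js"):
        return "script"
    return "other"


def parse_chain(text: str) -> list[Hop]:
    """Split an 'A -> B -> C' chain into hops; a hop may carry ' - IP' or ' - CVE; CVE' notes."""
    hops: list[Hop] = []
    for raw in text.split("->"):
        raw = raw.strip()
        if not raw:
            continue
        url_part, _, notes = raw.partition(" - ")
        m = URL_RE.match(url_part)
        if m is None:
            raise ValueError(f"unrecognised hop: {raw!r}")
        hop = Hop(url=url_part, host=m["host"], path=m["path"])
        hop.ips = IP_RE.findall(notes)
        hop.cves = CVE_RE.findall(notes)
        if IP_RE.fullmatch(hop.host):       # hop served straight from an IP address
            hop.ips.append(hop.host)
        hop.stage = classify(hop.path)
        hops.append(hop)
    return hops


def extract_indicators(hops: list[Hop]) -> dict[str, list[str]]:
    """Deduplicated, sorted indicator sets suitable for a blocklist or a retro-hunt query."""
    domains = {h.host for h in hops if not IP_RE.fullmatch(h.host)}
    ips = {ip for h in hops for ip in h.ips}
    cves = {c for h in hops for c in h.cves}
    return {
        "domains": sorted(domains),
        "ips": sorted(ips),
        "cves": sorted(cves),
        "payload_urls": [h.url for h in hops if h.stage == "payload"],
    }


if __name__ == "__main__":
    for i, hop in enumerate(parse_chain(CHAIN), 1):
        notes = "; ".join(hop.ips + hop.cves)
        print(f"{i:2d}. [{hop.stage:<11}] {hop.host}{hop.path}  {notes}")
    print(extract_indicators(parse_chain(CHAIN)))
```

The same parser accepts the first redirect chain in the post as well, since its trailing name-server note is simply treated as free text from which the IPs are picked out.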
Related malicious URLs known to have participated in the campaign:
Related malicious URLs known to have participated in the campaign:
hxxp://qual/10964108e3afab081ed1986cde437202.js
hxxp://qual/768a83ea36dbd09f995a97c99780d63e.php?spn=2&uid=213393&
hxxp://qual/index.php?browser_version=6.0&uid=213393&browser=MSIE&spn=2
Related malicious URLs known to have participated in the campaign:
hxxp://download/banner.php?spl=javat
hxxp://download/j1_ke.jar
hxxp://download/j2_93.jar
parked on 89.248.111.71, AS45001, Interdominios_ono Grupo Interdominios S.A.
wemhkr3t4z.com - Email: fole@fox.net - MD5: 3b375fc53207e1f54504d4b038d9fe6b
Related malicious MD5s known to have participated in the campaign:
hxxp://alhatester.com/cp/file.exe
- 204.11.56.48; 204.11.56.45; 8.5.1.46; 208.73.211.230; 208.73.211.247;
208.73.211.249; 208.73.211.246; 208.73.211.233; 208.73.211.238;
208.73.211.208
Known to have phoned back to the same malicious C&C server IPs are also the following malicious MD5s:
Once executed, a sample malware (MD5: 89fb419120d1443e86d37190c8f42ae8) phones back to the following C&C server IPs:
Once executed, a sample malware (MD5: 3194e6282b2e51ed4ef186ce6125ed73) phones back to the following malicious C&C server IPs:
Once executed, a sample malware (MD5: 7f42da8b0f8542a55e5560e86c4df407) phones back to the following malicious C&C server IPs:
Once executed, a sample malware (MD5: f8bdc841214ae680a755b2654995895e) phones back to the following malicious C&C server IPs:
Once executed, a sample malware phones back to the following malicious C&C server IPs:
hxxp://v00d00.org/nod32/grabber.exe - - 67.215.238.77; 67.215.255.139; 184.168.221.87
Related malicious MD5s known to have phoned back to the same C&C server IPs (67.215.238.77):
MD5: 1233c86d3ab0081b69977dbc92f238d0
Known to have responded to the same malicious IPs are also the following malicious domains:
hxxp://blog.symantecservice37.com
hxxp://agoogle.in
hxxp://adv.antivirup.com
hxxp://cdind.antivirup.com
Once executed, a sample malware phones back to the following C&C server IPs:
hxxp://v00d00.org/nod32/update.php
Known to have responded to the same malicious IPs (67.215.255.139) are also the following malicious domains:
Related malicious MD5s known to have phoned back to the same malicious C&C server IPs (67.215.255.139):
Known to have responded to the same malicious C&C server IPs (184.168.221.87) are also the following malicious domains:
Related malicious MD5s known to have phoned back to the same malicious C&C server IPs (184.168.221.87):
Once executed, a sample malware (MD5: 037f8120323f2ddff3c806185512538c) phones back to the following C&C server IPs:
hxxp://porno-kuba.net/emo/ld.php?v=1&rs=1819847107&n=1&uid=1
Once executed, a sample malware (MD5: 44f0e8fe53a3b489cb5204701fa1773d) phones back to the following C&C server IPs:
Sample malicious URLs known to have participated in the campaign:
Once executed, a sample malware phones back to the following C&C server IPs:
asf356ydc.com - MD5: 3b375fc53207e1f54504d4b038d9fe6b
Related malicious domains known to have participated in the campaign:
asf356ydc.co
kaljv63s.com
sadkajt357.com
We'll continue monitoring the fraudulent infrastructure and post updates as soon as new developments take place.
In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude.
Friday, December 23, 2016
Historical OSINT - Spamvertised Client-Side Exploits Serving Adult Content Themed Campaign
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Wednesday, December 21, 2016
New Service Offering Fake Documents on Demand Spotted in the Wild
In a cybercrime ecosystem dominated by multiple underground market participants and hundreds of fraudulent propositions, cybercriminals continue successfully monetizing access to malware-infected hosts for the purpose of earning fraudulent revenue, largely relying on a set of DIY (do-it-yourself) managed cybercrime-friendly services.
We've recently intercepted a newly launched, managed, on-demand underground market service proposition offering access to fake documents and IDs, successfully empowering novice cybercriminals with the necessary tactics, techniques and procedures for the purpose of committing fraudulent activities while earning fraudulent revenue in the process.
In this post we'll profile the service, provide actionable intelligence on the infrastructure behind it, and discuss in depth the tactics, techniques and procedures of the cybercriminals behind it.
In a cybercrime ecosystem populated by hundreds of fraudulent propositions, cybercriminals continue actively launching managed cybercrime-friendly services, successfully monetizing access to malware-infected hosts while earning fraudulent revenue in the process. Largely relying on a diverse set of tactics, techniques and procedures, these services successfully empower novice cybercriminals with the necessary tactics, techniques and procedures to earn fraudulent revenue while monetizing access to malware-infected hosts.
The market segment for fake IDs and fake documents continues flourishing, largely thanks to a diverse set of underground-market, cybercrime-friendly managed services that successfully empower novice cybercriminals with the necessary tactics, techniques and procedures to further commit cybercrime while earning fraudulent revenue and monetizing access to malware-infected hosts. In a market segment dominated by commoditized, cybercrime-friendly underground-market propositions, cybercriminals continue actively populating the fake ID and fake document market segment with hundreds of fraudulent propositions, successfully empowering novice cybercriminals with the necessary tactics, techniques and procedures to further commit fraudulent activity while earning fraudulent revenue in the process.
We'll continue monitoring the market segment for fake documents and IDs and post updates as soon as new developments take place.
Related posts:
New Cybercrime-Friendly Service Offers Fake Documents and Bills on Demand
Cybercriminals Offer Fake/Fraudulent Press Documents Accreditation On Demand
Cybercriminals Offer High Quality Plastic U.S Driving Licenses/University ID Cards
Vendor of Scanned Fake IDs, Credit Cards and Utility Bills Targets the French Market Segment
Newly Launched 'Scanned Fake Passports/IDs/Credit Cards/Utility Bills' Service Randomizes and Generates Unique Fakes On The Fly
A Peek Inside the Russian Underground Market for Fake Documents/IDs/Passports
Saturday, September 24, 2016
New Mobile Malware Hits Google Play, Hundreds of Users Affected
We've recently intercepted a currently circulating malicious campaign affecting hundreds of Google Play users, potentially exposing their devices to a multitude of malicious software and thereby exposing the confidentiality, integrity and availability of their devices. Largely relying on a set of social engineering vectors, cybercriminals continue populating Google Play with hundreds of malicious releases, successfully bypassing Google Play's security mechanisms.
Thanks to a vibrant cybercrime ecosystem, stolen and compromised accounting data continues to represent an underground market commodity, successfully empowering novice cybercriminals with the necessary tools and know-how to continue launching malicious attacks. Largely relying on a set of social engineering vectors, cybercriminals continue to successfully compromise and take advantage of stolen publisher accounts, successfully bypassing Google Play's security mechanisms and potentially exposing hundreds of thousands of users to a multitude of malicious software.
In this post we'll profile the campaign, expose the infrastructure behind it, and discuss in depth the tactics, techniques and procedures of the cybercriminals behind it.
Related malicious MD5s known to have participated in the campaign:
Once executed, a sample malware (MD5: 3c4f56ebf48a0b47bffec547804d94f4) phones back to the following C&C server IPs:
hxxp://art.hornymilfporna.com/g/getasite/
hxxp://art.hornymilfporna.com/z/orap/
hxxp://art.hornymilfporna.com/z/z2/
hxxp://art.hornymilfporna.com/z/z5/
Related malicious MD5s known to have phoned back to the same C&C server IP (art.hornymilfporna.com):
MD5: ee329ffcd6fe835bfdc0ec1a7f033584
Related malicious MD5s known to have phoned back to the same C&C server IP (hornymilfporna.com - 54.72.9.51; 104.27.188.20; 104.24.124.113):
Once executed, a sample malware phones back to the following C&C server IPs:
Once executed, a sample malware phones back to the following C&C server IPs:
212.61.180.100
195.22.28.222
212.61.180.100
54.72.9.51
Once executed, a sample malware (MD5: 8a81ef6673321bddc557c486bce2a025) phones back to the following C&C server IPs:
Related malicious MD5s known to have phoned back to the same C&C server IPs (cinar.pussyteenx.com - 8.5.1.44; 46.45.168.84):
MD5: b9a2447a5b292566b4998c5d996f488b
Related malicious MD5s known to have phoned back to the same C&C server IP (cinar.pussyteenx.com - 8.5.1.44; 46.45.168.84):
Once executed, a sample malware (MD5: f8205b4b9ae5d8ac8bf7b3996a6be408) phones back to the following C&C server IPs:
Once executed, a sample malware (MD5: a73138a8275b68296bfcf0ed39b2665c) phones back to the following C&C server IPs:
Once executed, a sample malware phones back to the following C&C server IPs:
Once executed, a sample malware (MD5: ff06679eb18932e31f8b05d92a48b4eb) phones back to the following C&C server IPs:
Once executed, a sample malware phones back to the following C&C server IPs:
Once executed, a sample malware (MD5: 107993dce5417356d40279feb2be0017) phones back to the following C&C server IPs:
Once executed, a sample malware phones back to the following C&C server IPs:
Once executed, a sample malware (MD5: d5ed564fd2f4c10e3a26df9342a09545) phones back to the following C&C server IPs:
Once executed, a sample malware phones back to the following C&C server IPs:
Once executed, a sample malware (MD5: 789cb05effb586bda98e87e71e340c39) phones back to the following C&C server IPs:
hxxp://diyar.collegegirlteen.com/g/getasite/ - 46.45.168.84
hxxp://diyar.collegegirlteen.com/z/orap/
hxxp://diyar.collegegirlteen.com/z/z2/
hxxp://diyar.collegegirlteen.com/z/z5/
Related malicious MD5s known to have phoned back to the following C&C server IPs:
MD5: acd62483446c7ed057f312784bfddd61
Once executed, a sample malware (MD5: 505e4d58c53d47245aa89c0fd7cded83) phones back to the following C&C server IPs:
hxxp://van.cowteen.com/g/getasite/ - 46.45.168.84
hxxp://van.cowteen.com/z/orap/
hxxp://van.cowteen.com/z/z2/
hxxp://van.cowteen.com/z/z5/
Related malicious MD5s known to have phoned back to the same C&C server IP:
MD5: 13f2e7b3141b84666e0209e140663ef2
Once executed, a sample malware phones back to the following C&C server IPs:
hxxp://w.bestmobile.mobi/ - 104.31.66.169; 104.31.67.169; 104.28.0.226; 104.28.1.226
Related malicious MD5s known to have phoned back to the same C&C server IPs:
MD5: 92bd8e7e58816bcb14f9dcbf839178ca
MD5: 1ee44596b174edb55c4bc497c1fe5f34
MD5: 443f732e406b3d96e53184917525e14a
MD5: a24fad894881b746c48420b019a225cf
MD5: 7c8a8f96c5b31e6ccae936ddc5226c91
Once executed, a sample malware (MD5: a24fad894881b746c48420b019a225cf) phones back to the following C&C server IPs:
hxxp://au.umeng.co - 140.205.170.6; 140.205.230.45; 140.205.250.51; 140.205.134.243; 140.205.155.238; 110.173.196.195; 211.151.139.211; 211.151.139.210
hxxp://au.umeng.com/api/check_app_update - 140.205.134.243; 140.205.170.6; 140.205.250.51; 140.205.230.45; 140.205.155.238; 110.173.196.195; 211.151.151.6; 211.151.139.210; 211.151.139.211
Related malicious MD5s known to have phoned back to the same C&C server IP (au.umeng.co - 140.205.170.6; 140.205.230.45; 140.205.250.51; 140.205.134.243; 140.205.155.238; 110.173.196.195; 211.151.139.211; 211.151.139.210):
MD5: 65a6f1e29b09ba7caa98a9763593aedb
MD5: 102111b9024b71f6ab584d22abdbc589
MD5: 9ad137e51a5b6b2288c774a74a7e80da
MD5: a70595e99b3471216404400b736eaf7c
MD5: 3d3360250c96dff33e177121113b5a3f
Once executed, a sample malware phones back to the same C&C server IPs:
hxxp://211.139.191.223
hxxp://221.179.35.113
Once executed, a sample malware phones back to the same C&C server IPs:
hxxp://115.28.174.189/hft/rq.php
Related malicious MD5s known to have phoned back to the same C&C server IPs:
MD5: c0464c5193dec0980a07fa2e50deffb1
We'll continue monitoring the market segment for mobile malware and post updates as soon as new developments take place.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Friday, September 23, 2016
The Rise of Mobile Malware - A Retrospective
With mobile malware continuing to proliferate, cybercriminals remain well positioned to take advantage of hundreds of thousands of socially engineered users, monetizing access to their devices and earning fraudulent revenue in the process, while potentially compromising the confidentiality, integrity and availability of those devices.
Thanks to a vibrant cybercrime ecosystem offering access to a variety of managed cybercrime-friendly services, next to the overall availability of DIY (do-it-yourself) malicious software generating tools, cybercriminals continue to successfully take advantage of hundreds of thousands of socially engineered users, monetizing access to their devices and earning fraudulent revenue in the process.
Largely relying on a set of social engineering attack vectors, cybercriminals continue to infiltrate and bypass Google Play, the Web's most popular Android applications marketplace, tricking hundreds of thousands of users into executing malicious software on their devices and earning fraudulent revenue in the process.
Thanks to a vibrant cybercrime-friendly ecosystem offering a variety of managed services, including the compromise of a legitimate publisher's Google Play account, cybercriminals continue to infiltrate Google Play, earning fraudulent revenue while tricking tens of thousands of socially engineered users into executing malicious software on their devices.
Largely relying on the active abuse of access to malware-infected hosts, cybercriminals continue to use basic data mining techniques to obtain access to a set of Web properties, including but not limited to Google Play, for the purpose of earning fraudulent revenue. Largely relying on basic traffic segmentation tactics, cybercriminals are positioned to obtain access to a legitimate Google Play publisher's account, monetizing that access to spread malicious software and earn fraudulent revenue in the process.
These basic social engineering attack techniques continue to empower cybercriminals with the tactics, techniques and procedures needed to bypass Google Play's security mechanisms, spreading malicious software and earning fraudulent revenue in the process of obtaining access to a particular publisher's Google Play account.
Next to the general compromise of a legitimate publisher's Google Play account, cybercriminals are positioned to take advantage of primary Android applications marketplaces such as Google Play by establishing rogue publisher reputations, relying on a set of managed cybercrime-friendly underground services offering access to Google Play. Combining social engineering attack vectors with the use of managed DIY (do-it-yourself) cybercrime-friendly services, they monetize access to a particular publisher's account, earning fraudulent revenue while infiltrating the Web's most popular Android marketplace, Google Play.
Next to the general compromise of a legitimate publisher's Google Play account and the general infiltration of Google Play for the purpose of pushing malicious software to unsuspecting users, cybercriminals continue to actively rely on a set of cybercrime-friendly secondary marketplaces on the underground market, offering access to hundreds of thousands of rogue Android applications that bypass a socially engineered user's device security mechanisms, monetizing access to the compromised device and earning fraudulent revenue in the process.
With secondary marketplaces continuing to proliferate, cybercriminals continue earning fraudulent revenue in the process of obtaining and monetizing access to a socially engineered user's compromised device. Largely relying on a set of black hat SEO (search engine optimization) tactics, cybercriminals continue actively populating secondary marketplaces with hundreds of thousands of rogue applications, potentially exposing the confidentiality, integrity and availability of a socially engineered user's compromised device for the purpose of earning fraudulent revenue.
With secondary marketplaces continuing to serve as a way around a socially engineered user's device security, cybercriminals continue to successfully bypass an affected user's device security for the purpose of earning fraudulent revenue in the process.
Thanks to a vibrant cybercrime-friendly ecosystem, cybercriminals continue to infiltrate primary and secondary marketplaces with hundreds of malicious releases, owing to the overall availability of DIY (do-it-yourself) malicious software generating tools next to the overall availability of managed cybercrime-friendly services, which empower cybercriminals with the tactics, techniques and procedures needed to launch malicious attacks that bypass the security mechanisms of primary and secondary marketplaces. Next to the overall availability of DIY (do-it-yourself) malicious software generating tools, cybercriminals continue to actively take advantage of managed malware-as-a-service type cybercrime-friendly services for the purpose of generating malicious releases that bypass the security mechanisms of primary and secondary marketplaces.
Among the most popular features of such managed cybercrime-friendly services remain the active infiltration of primary and secondary marketplaces, including the active verification of a particular malicious release against the most popular antivirus scanners, ensuring the success rate of a particular malicious campaign on its way to infiltrate a socially engineered user's device while earning fraudulent revenue in the process.
Among the most popular traffic acquisition tactics remains the active use of underground market traffic exchanges for the purpose of acquiring and monetizing hijacked traffic, spreading malicious software to unsuspecting users globally while earning fraudulent revenue in the process. Next to these active traffic acquisition tactics, thanks to the overall availability of underground market traffic exchanges, cybercriminals continue to actively rely on basic traffic segmentation tactics for the purpose of serving malicious software to unsuspecting users while earning fraudulent revenue in the process.
Continuing to rely on basic traffic segmentation tactics, cybercriminals continue to acquire and monetize hijacked traffic, monetizing access to hundreds of thousands of socially engineered users globally and potentially exposing the confidentiality, integrity and availability of their devices to a multitude of malicious software while earning fraudulent revenue in the process. Among the most popular growth factors for earning fraudulent revenue remains the active use of affiliate-network type rogue software generating networks, which bypass the security mechanisms of primary and secondary marketplaces and empower cybercriminals with the tactics, techniques and procedures needed to earn fraudulent revenue while monetizing access to hundreds of thousands of malware-infected devices globally.
Next to the active traffic acquisition tactics used to earn fraudulent revenue while monetizing access to socially engineered users' devices globally, cybercriminals continue to actively monetize access to hundreds of thousands of compromised Web sites in an automated fashion, largely relying on managed and automated Web site exploitation tools and services that bypass the security, confidentiality, integrity and availability of hundreds of socially engineered users globally.
Once a particular cybercriminal compromises legitimate Web sites in an automated fashion, he would automatically launch a malicious campaign bypassing the security, confidentiality and availability of hundreds of socially engineered users globally, monetizing access to hundreds of thousands of users globally for the purpose of earning fraudulent revenue in the process.
Thanks to the overall availability of malicious software generating tools and managed cybercrime-friendly services, the overall prevalence of cybercrime-friendly underground-marketplace traffic exchanges, and the automated exploitation of hundreds of thousands of legitimate Web sites, cybercriminals continue to earn fraudulent revenue in the process of obtaining access to a targeted user's device, bypassing the confidentiality, availability and integrity of that device while monetizing it.
Thanks to the overall availability of managed affiliate-based cybercrime-friendly services, cybercriminals continue to obtain and monetize access to hundreds of thousands of compromised devices, earning fraudulent revenue in the process while bypassing the confidentiality, availability and integrity of the targeted devices and using the socially engineered user's device to launch malicious campaigns globally.