New Mobile Malware Intercepted in the Wild, Hundreds of Users Affected

We’ve recently intercepted a currently circulating malicious spam campaign affecting hundreds of users globally, potentially exposing the confidentiality, availability, and integrity of their devices to a multitude of malicious software. Largely relying on a set of social engineering vectors, cybercriminals continue monetizing and earning fraudulent revenue while affecting hundreds of thousands of users globally.

Thanks to the overall availability of affiliate-based monetization approaches, cybercriminals continue to successfully monetize hijacked and acquired underground-market traffic for the purpose of earning fraudulent revenue in the process.

In this post, we’ll profile the campaign, provide actionable intelligence on the infrastructure behind it, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.

Related malicious MD5s known to have participated in the campaign:

MD5: 7197d23e61909aa16cd637cdba818ae7
MD5: 28bae60a1700b768de0a33275c22bee5

Once executed, a sample malware phones back to the following C&C server IPs:

Related malicious MD5s known to have phoned back to the same C&C server IPs (android2update.com – 52.28.249.128; 52.28.3.6):

Related malicious MD5s known to have participated in the campaign:

Related malicious MD5s known to have participated in the campaign:

MD5: ecbbce17053d6eaf9bf9cb7c71d0af8d
MD5: b1ae0d9a2792193bff8c129c80180ab0
MD5: e98791dffcc0a8579ae875149e3c8e5e

We’ll continue monitoring the market segment for mobile malware and post updates as soon as new developments take place.
