Android Apps Coronavirus Trackers Trojans Malwares

Author: testers identification apps Source: https://www.ndr.de/nachrichten... 2020-03-18 21:32:00, 197 reads, 1 comment


Threat actors are exploiting the current situation to distribute malicious coronavirus-related apps, such as coronavirus trackers, symptom identification apps, maps, etc. In the current situation people tend to be more willing to install such apps. Because of that, I decided to gather the Android COVID-19-related malicious apps found by the infosec community.

[updated 19.03.2020]

Commercial surveillance tools (MobiHok, SpyNote, SpyMax)

Source: https://blog.lookout.com/commercial-surveillanceware-operators-latest-to-take-advantage-of-covid-19
Samples: 30 hashes listed in the source research

Cerberus

Distribution: http://covid19-guidelines[.]online
Sample: https://www.virustotal.com/gui/file/2a469268fb18f0b009dc5b2bdd47f9ed61f0a3a2de04ba39daccd08a13fb19b2/detection
Payload: FDB2F4EFA95DD8B5EAD7527C92F24542
C&C: http://skakkiopiskattkio[.]info
TG: https://t[.]me/Kfoaksaof10293sbba
Source: https://twitter.com/malwrhunterteam/status/1240233889832017921

APKLab.io filters COVID-19 malware (samples, hostnames)

Search COVID-19 apps: https://www.apklab.io/covid19
Source: https://twitter.com/apklabio/status/1239922724031680513

CovidLock Ransomware

Distribution: coronavirusapp[.]site; bitly[.]com/3aGBBbx
Sample: https://www.virustotal.com/gui/file/6b74febe8a8cc8f4189eccc891bdfccebbc57580675af67b1b6f268f52adad9f/detection
Decryption key: 4865083501
Ransom note: https://pastebin.com/GK8qrfaC
Source: https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware

Figure 1. CovidLocker

Cerberus Banking Trojan

Distribution: coronaviruscovid19-information .com
Sample: https://www.virustotal.com/gui/file/1de6e6c140ff1b301b7df12d4b6388a21a6fbf0f141347dd2f9289740438a6d8/detection
C&C: botprivate[.]ug
TG channel: t[.]me/JmdG5Mjagtpw587dJpT6tDbieSinwcno
Payload: 136A6A2CEA75FA627D14C93353613769B2EEEEEA
Source: https://twitter.com/skeptre_void/status/1239543414581936130

Figure 2. Cerberus Banking Trojan

Android RAT (Remote Administration Tool)

Sample: https://www.virustotal.com/gui/file/107169ae6951a5cba57d2a0cd274e28fadf5c73d73e91a386f15cf4dc35edd38/detection
C&C: assdsiwi.ddns[.]net
Payload: https://www.virustotal.com/gui/file/bcab89c43b0252d44a028c4fa46702c401663d70cf445d0b46c5e68ae3980b27/detection
Source: https://twitter.com/LukasStefanko/status/1239494265618694147

Figure 3. Android RAT

Metasploit

Samples: https://www.virustotal.com/gui/file/da8a58070bcad4977bddde113394d67c12fe551ec1395e040b0a8220265b036c/detection
https://www.virustotal.com/gui/file/c4500fd797bb6c5131bc89bb5bf24d06333df79581f2b8358103cad4c08e89d5/detection
Source: https://twitter.com/virqdroid/status/1238974151492349955

HiddenAd

Sample: https://www.virustotal.com/gui/file/fda00f16443a931f476c724d8b2cfb7311833bf5380038f221c5cf875dd20c4f/detection
Source: https://twitter.com/malwrhunterteam/status/1238733785744773121

Cerberus Banking Trojan

Distribution: coronavirus-apps[.]com
Sample: https://www.virustotal.com/gui/file/9832b1ade1907849fd7091e85f2c24bd8a4488ecd96f0638fc979d8858b25196/detection
C&C: http://botduke1[.]ug
TG: https://t[.]me/botduke1
Payload: 25B3D36D28C2F4FEF6C77DB8BDFE8E9B1B970657
Source: https://twitter.com/1ZRR4H/status/1239751485312970753

Figure 4. Cerberus Banking Trojan (source: Germán Fernández)

Cerberus Banking Trojan

Distribution: https://covid19-info[.]online
Sample: https://www.virustotal.com/gui/file/f57a44bec2f7af2da443f068edb0a743f9625ac3a9d686393bacb8e72274b5de/detection
C&C: scargkanesiki[.]info
TG: https://t[.]me/agkakkkksdkaksd
Payload: https://www.virustotal.com/gui/file/ebcdce55f409e5c4ed10144749f5b82bf0d94e4ee715595aa4a267f05b05c301/detection
Source: https://twitter.com/malwrhunterteam/status/1239484525199179777

Anubis

Sample: https://www.virustotal.com/gui/file/889392ed44a613bb3618f6b9a05a663f801c9cd7086ff8d3d7531c3bc57d97be/details
C&C: http://update-apk[.]net
Targets around 210 banking apps
Source: https://twitter.com/malwrhunterteam/status/1239887832073875456