Untitled

forensic blog
mobile phone forensics and mobile malware
Current Android Malware
Here is the full list of Android-Malware-Families with their main capabilities. We will try to keep this table up-to-date. We took one sample of each family for the data within this table.

Description Capabilities

AccuTrack
This application turns an Android smartphone into a GPS tracker.

Ackposts
This Trojan steals contact information from the compromised device and uploads them to a remote server.

Acnetdoor
This Trojan opens a backdoor on the infected device and sends the IP address to a remote server.

Adsms
This is a Trojan which is allowed to send SMS messages. The distribution channel of this malware is through a SMS message containing the download link.

Airpush/StopSMS
Airpush is a very aggresive Ad-Network.

AnServer/Answerbot
Opens a backdoor in Android devices and is able to steal personal information which will be uploaded to a remote server afterwards.

Antares/Antammi
This is a Trojan which steals personal information from the infected device.

Arspam
This malware represent the first stage of politically-motivated hacking (hacktivism) on mobile platforms.

AVPass
This malware family tries to detect and circumvent Android security tools (like AntiVirus apps) installed on the infected device. Afterwards, the app tries to steal sensitive data and receives additional comands via SMS.

BackFlash/Crosate
This malicious app installs a fake Flash plugin that registeres itself as device administrator and leaks sensitive information.

Badaccents
This malware claims to download a copy of “The Interview” but instead installs a two-stage banking Trojan onto victims’ devices.

Badnews
Once activated, BadNews polls its C&C-Server every four hours for new instructions while pushing several pieces of sensitive information including the device’s phone number and IMEI up to the server.

BankBot
This malware tries to steal users’ confidential information and money from bank and mobile accounts associated with infected devices.

Basebridge
Forwards confidential details (SMS, IMSI, IMEI) to a remote server.

BeanBot
This is a Trojan which is allowed to send SMS messages and which is controlled by a C&C-Server.

Beita
A simple info stealer.

Binv
This malware is a classical Banking-Trojan that is targeting Brazilian users of Android devices.

BgServ
Obtains the user’s phone information (IMEI, phone number, etc.). The information is then uploaded to a specific URL.

Biige
This spyware records SMS messages, calls, location, etc. and uploads these data to a remote server.

Booster
This application steals personal information and uploads these data to a remote server.

Boxer
This trojan sends SMS messages to premium rated numbers.

Cajino
This malware is a classical RAT that tries to exfiltrate sensitive information. What makes this sample special is that it is using Baidu Cloud Push service for communication.

Carberp
Tries to steal confidential banking authentication codes (mTAN messages) sent to the infected device.

Cawitt
This application steals personal information and uploads these data to a remote server.

Cellspy
This application is a smartphone tracker.

Chulli
This malware family was used within in targeted attack. The e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. After a mobile device gets infected, it connects to a C&C-Server and waits for SMS commands to leak sensitive data to this server.

Code4hk/xRAT
This malware has been used within targeted attacks in Asia and tries to exfiltrate the geolocation of the victim as well as voice recordings. The malicious sample is spreading through WhatsApp messages.

Coogos
Backdoor Trojan which has the capability to receive a remote connection from a malicious hacker and perform actions against the compromised system.

CopyCat
Is a aggressive and malicious ad network. The main goal is to generate revenue.

Cosha
This applications monitor the infected device and send perso