I’m analysing #KevDroid samples, the new #Android #malware discovered several days ago by #ESTSecurity http://blog.alyac.co.kr/1587
2 more samples signed by the same “kevin”:
* b318ec859422cbb46322b036d5e276cf7a6afc459622e845461e40a328ca263e
* f33aedfe5ebc918f5489e1f8a9fe19b160f112726e7ac2687e429695723bca6a
I uploaded them to @virusbay_io pic.twitter.com/j6fnBxQQo0
Nothing shady here: the launcher activity of the payload is called MainTransparentActivity and starts a RootingTask :D pic.twitter.com/71LAecJAAb
To give you an idea of the payload capabilities, this screenshot is the list of all the available actions pic.twitter.com/FGyKu9VtL1
This is the list of the command types, in this sample not everything is used pic.twitter.com/UDmTlcSUIh
"While both downloaders contacted the same URL to download their payloads, looking further into their code [..] they were each written to respectively download and drop one specific variant of Reaper’s Android spyware."