Android
Android malware galaxy based on multiple open sources.
Authors
| Authors and/or Contributors |
|---|
| Unknown |
CopyCat
CopyCat is a fully developed malware with vast capabilities, including rooting devices, establishing persistence, and injecting code into Zygote – a daemon responsible for launching apps in the Android operating system – that allows the malware to control any activity on the device.
Internal MISP references
UUID 40aa797a-ee87-43a1-8755-04d040dbea28 which can be used as unique global reference for CopyCat in MISP communities and other software using the MISP galaxy
Andr/Dropr-FH
Andr/Dropr-FH can silently record audio and video, monitor texts and calls, modify files, and ultimately spawn ransomware.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Andr/Dropr-FH.
| Known Synonyms |
|---|
| GhostCtrl |
Internal MISP references
UUID a01e1d0b-5303-4d11-94dc-7db74f3d599d which can be used as unique global reference for Andr/Dropr-FH in MISP communities and other software using the MISP galaxy
Judy
The malware, dubbed Judy, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.
Internal MISP references
UUID 1a73ceaf-7054-4882-be82-8994805676fc which can be used as unique global reference for Judy in MISP communities and other software using the MISP galaxy
RedAlert2
The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user of an error and asking them to reauthenticate. Red Alert then collects the user's credentials and sends them to its C&C server.
Internal MISP references
UUID d10f8cd5-0077-4d8f-9145-03815a68dd33 which can be used as unique global reference for RedAlert2 in MISP communities and other software using the MISP galaxy
Tizi
Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications. The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities. The team used this app to find more applications in the Tizi family, the oldest of which is from October 2015. The Tizi app developer also created a website and used social media to encourage more app installs from Google Play and third-party websites.
Internal MISP references
UUID 8f374460-aa58-4a31-98cb-58db42d0902a which can be used as unique global reference for Tizi in MISP communities and other software using the MISP galaxy
DoubleLocker
DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data, requesting a ransom. It misuses accessibility services after being installed by impersonating the Adobe Flash player, similar to BankBot.
Internal MISP references
UUID 6671bb0b-4fab-44a7-92f9-f641a887a0aa which can be used as unique global reference for DoubleLocker in MISP communities and other software using the MISP galaxy
Svpeng
Svpeng is a banking trojan which acts as a keylogger. If the Android device is not Russian, Svpeng will ask for permission to use accessibility services. By abusing this service, it will gain administrator rights, allowing it to draw over other apps, send and receive SMS, and take screenshots when keys are pressed.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Svpeng.
| Known Synonyms |
|---|
| Invisble Man |
Internal MISP references
UUID 426ead34-b3e6-45c7-ba22-5b8f3b8214bd which can be used as unique global reference for Svpeng in MISP communities and other software using the MISP galaxy
LokiBot
LokiBot is a banking trojan for Android 4.0 and higher. It can steal information and send SMS messages. It can start web browsers and banking applications, and show notifications impersonating other apps. Upon an attempt to remove it, it will encrypt the device's external storage, requiring Bitcoins to decrypt files.
Internal MISP references
UUID fbda9705-677b-4c5b-9b0b-13b52eff587c which can be used as unique global reference for LokiBot in MISP communities and other software using the MISP galaxy
BankBot
The main goal of this malware is to steal banking credentials from the victim’s device. It usually impersonates Flash Player updaters, Android system tools, or other legitimate applications.
Internal MISP references
UUID 4ed03b03-a34f-4583-9db1-6c58a4bd952b which can be used as unique global reference for BankBot in MISP communities and other software using the MISP galaxy
Viking Horde
On rooted devices, Viking Horde installs software and executes code remotely to get access to the mobile data.
Internal MISP references
UUID c62a6121-2ebc-4bee-a25a-5285bf33328a which can be used as unique global reference for Viking Horde in MISP communities and other software using the MISP galaxy
HummingBad
A Chinese advertising company has developed this malware. The malware has the power to take control of devices; it forces users to click advertisements and download apps. The malware uses a multistage attack chain.
Internal MISP references
UUID f5cacc72-f02a-42d1-a020-7a59650086bb which can be used as unique global reference for HummingBad in MISP communities and other software using the MISP galaxy
Ackposts
Ackposts is a Trojan horse for Android devices that steals the Contacts information from the compromised device and sends it to a predetermined location.
Internal MISP references
UUID 8261493f-c9a3-4946-874f-fe8445aa7691 which can be used as unique global reference for Ackposts in MISP communities and other software using the MISP galaxy
Wirex
Wirex is a Trojan horse for Android devices that opens a backdoor on the compromised device which then joins a botnet for conducting click fraud.
Internal MISP references
UUID 0b4f1af0-e0fb-4148-b08c-f6782757752a which can be used as unique global reference for Wirex in MISP communities and other software using the MISP galaxy
WannaLocker
WannaLocker is a strain of ransomware for Android devices that encrypts files on the device's external storage and demands a payment to decrypt them.
Internal MISP references
UUID db4ddfc4-4f39-4e0b-905f-4703ed6b39b6 which can be used as unique global reference for WannaLocker in MISP communities and other software using the MISP galaxy
Switcher
Switcher is a Trojan horse for Android devices that modifies Wi-Fi router DNS settings. Switcher attempts to infiltrate a router's admin interface on the device's Wi-Fi network by using brute force techniques. If the attack succeeds, Switcher alters the DNS settings of the router, making it possible to reroute DNS queries to a network controlled by the malicious actors.
Internal MISP references
UUID 60857664-0671-4b12-ade9-86ee6ecb026a which can be used as unique global reference for Switcher in MISP communities and other software using the MISP galaxy
Vibleaker
Vibleaker was an app available on the Google Play Store named Beaver Gang Counter that contained malicious code which, after specific orders from its maker, would scan the user's phone for the Viber app and then steal photos and videos recorded or sent through the app.
Internal MISP references
UUID 27354d65-ca90-4f73-b942-13046e61700c which can be used as unique global reference for Vibleaker in MISP communities and other software using the MISP galaxy
ExpensiveWall
ExpensiveWall is Android malware that sends fraudulent premium SMS messages and charges users' accounts for fake services without their knowledge.
Internal MISP references
UUID 1484d72b-54d0-41b7-a9fa-18db9e9e5c69 which can be used as unique global reference for ExpensiveWall in MISP communities and other software using the MISP galaxy
Cepsohord
Cepsohord is a Trojan horse for Android devices that uses compromised devices to commit click fraud, modify DNS settings, randomly delete essential files, and download additional malware such as ransomware.
Internal MISP references
UUID 05b0c492-e1ef-4352-a714-b813e54b9032 which can be used as unique global reference for Cepsohord in MISP communities and other software using the MISP galaxy
Fakem Rat
Fakem RAT makes its network traffic look like well-known protocols (e.g. Messenger traffic, HTML pages).
Internal MISP references
UUID c657075e-3ffb-4748-bfe2-f40c3527739f which can be used as unique global reference for Fakem Rat in MISP communities and other software using the MISP galaxy
GM Bot
GM Bot – also known as Acecard, SlemBunk, or Bankosy – scams people into giving up their banking log-in credentials and other personal data by displaying overlays that look nearly identical to banking apps' log-in pages. Subsequently, the malware intercepts SMS to obtain two-factor authentication PINs, giving cybercriminals full access to bank accounts.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with GM Bot.
| Known Synonyms |
|---|
| Acecard |
| Bankosy |
| SlemBunk |
Internal MISP references
UUID 3d3aa832-8847-47c5-9e31-ef13ab7ab6fb which can be used as unique global reference for GM Bot in MISP communities and other software using the MISP galaxy
Moplus
The Wormhole vulnerability in the Moplus SDK could be exploited by hackers to open an unsecured and unauthenticated HTTP server connection on the user’s device, and this connection is established in the background without the user’s knowledge.
Internal MISP references
UUID d3f2ec07-4af3-4b3b-9cf0-2dba08bf5e68 which can be used as unique global reference for Moplus in MISP communities and other software using the MISP galaxy
Adwind
Adwind is a backdoor written purely in Java that targets systems supporting the Java runtime environment. Its commands can be used, among other things, to display messages on the system, open URLs, update the malware, download/execute files, and download/load plugins. According to the author, the backdoor component can run on Windows, Mac OS, Linux and Android platforms, providing rich capabilities for remote control, data gathering, data exfiltration and lateral movement.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Adwind.
| Known Synonyms |
|---|
| AlienSpy |
| Backdoor:Java/Adwind |
| Frutas |
| Jsocket |
| Sockrat |
| Unrecom |
| jRat |
Internal MISP references
UUID ce1a9641-5bb8-4a61-990a-870e9ef36ac1 which can be used as unique global reference for Adwind in MISP communities and other software using the MISP galaxy
AdSms
Adsms is a Trojan horse that may send SMS messages from Android devices.
Internal MISP references
UUID 55b6621f-f928-4530-8271-5150e5f39211 which can be used as unique global reference for AdSms in MISP communities and other software using the MISP galaxy
Airpush
Airpush is a very aggressive ad network.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels associated with Airpush.
| Known Synonyms |
|---|
| StopSMS |
Internal MISP references
UUID 1393cccf-19c0-4cc8-8488-8156672d87ba which can be used as unique global reference for Airpush in MISP communities and other software using the MISP galaxy
BeanBot
BeanBot forwards the device's data to a remote server and sends out premium-rate SMS messages from the infected device.
Internal MISP references
UUID 8dbacb31-2ae9-4c0a-bf62-d017b802d345 which can be used as unique global reference for BeanBot in MISP communities and other software using the MISP galaxy
Kemoge
Kemoge is adware that disguises itself as popular apps via repackaging, then allows for a complete takeover of the user's Android device.
Internal MISP references
UUID 0c769e82-df28-4f65-97f5-7f3d88488f2e which can be used as unique global reference for Kemoge in MISP communities and other software using the MISP galaxy
Ghost Push
Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious software, masquerading as a system app, and then losing root access, which then makes it virtually impossible to remove the infection even by factory reset unless the firmware is reflashed.
Internal MISP references
UUID c878cdfc-ab8b-40f1-9173-e62a51e6f804 which can be used as unique global reference for Ghost Push in MISP communities and other software using the MISP galaxy
BeNews
The BeNews app is a backdoor app that uses the name of defunct news site BeNews to appear legitimate. After installation it bypasses restrictions and downloads additional threats to the compromised device.
Internal MISP references
UUID 281cf173-d547-4b37-a372-447caab577be which can be used as unique global reference for BeNews in MISP communities and other software using the MISP galaxy
Accstealer
Accstealer is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID cbc1c053-5ee8-40c9-96c2-431ac6852fe1 which can be used as unique global reference for Accstealer in MISP communities and other software using the MISP galaxy
Acnetdoor
Acnetdoor is a detection for Trojan horses on the Android platform that open a back door on the compromised device.
Internal MISP references
UUID b36f7ce2-e208-4879-9a3f-58623727f887 which can be used as unique global reference for Acnetdoor in MISP communities and other software using the MISP galaxy
Acnetsteal
Acnetsteal is a detection for Trojan horses on the Android platform that steal information from the compromised device.
Internal MISP references
UUID dbbc6b6f-fa87-4fdc-880d-7c22c2723c58 which can be used as unique global reference for Acnetsteal in MISP communities and other software using the MISP galaxy
Actech
Actech is a Trojan horse for Android devices that steals information and sends it to a remote location.
Internal MISP references
UUID 0bf67f5b-0bcc-41e0-8db9-2b8df8cf1d03 which can be used as unique global reference for Actech in MISP communities and other software using the MISP galaxy
AdChina
AdChina is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 33a06139-1c18-4a9a-b86b-440c43266b15 which can be used as unique global reference for AdChina in MISP communities and other software using the MISP galaxy
Adfonic
Adfonic is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID a02b2327-525a-4343-9c76-64f2c984c536 which can be used as unique global reference for Adfonic in MISP communities and other software using the MISP galaxy
AdInfo
AdInfo is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID a1737465-7af6-4362-b938-3a3fa737ebb7 which can be used as unique global reference for AdInfo in MISP communities and other software using the MISP galaxy
Adknowledge
Adknowledge is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID dd626b23-173c-4737-b9d7-c44571c1abb3 which can be used as unique global reference for Adknowledge in MISP communities and other software using the MISP galaxy
AdMarvel
AdMarvel is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 6eb47eef-898e-4d74-9f85-ac9c99250e9b which can be used as unique global reference for AdMarvel in MISP communities and other software using the MISP galaxy
AdMob
AdMob is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 932d18c5-6332-4334-83fc-4af3c46a4992 which can be used as unique global reference for AdMob in MISP communities and other software using the MISP galaxy
Adrd
Adrd is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID 121b8084-fdfd-4746-9675-cf8a191bf6d9 which can be used as unique global reference for Adrd in MISP communities and other software using the MISP galaxy
Aduru
Aduru is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 3476c6dd-3cb0-443d-8668-0f731616b068 which can be used as unique global reference for Aduru in MISP communities and other software using the MISP galaxy
Adwhirl
Adwhirl is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 6fe8fd1b-a7d9-4ece-95f5-fdaaa0acd797 which can be used as unique global reference for Adwhirl in MISP communities and other software using the MISP galaxy
Adwlauncher
Adwlauncher is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 8ee649b6-8379-4b01-8997-dc7c82e22bb5 which can be used as unique global reference for Adwlauncher in MISP communities and other software using the MISP galaxy
Adwo
Adwo is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 5c979585-51c3-427c-a23d-cbe43083ce2d which can be used as unique global reference for Adwo in MISP communities and other software using the MISP galaxy
Airad
Airad is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 5824688f-e91c-44ab-ae2e-392299e9d071 which can be used as unique global reference for Airad in MISP communities and other software using the MISP galaxy
Alienspy
Alienspy is a Trojan horse for Android devices that steals information from the compromised device. It may also download potentially malicious files.
Internal MISP references
UUID 680a1677-9bff-4285-9394-62b1ce096c84 which can be used as unique global reference for Alienspy in MISP communities and other software using the MISP galaxy
AmazonAds
AmazonAds is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 3a94a731-4566-4cc5-8c01-d651dc11b8a5 which can be used as unique global reference for AmazonAds in MISP communities and other software using the MISP galaxy
Answerbot
Answerbot is a Trojan horse that opens a back door on Android devices.
Internal MISP references
UUID b8f8d1c1-5f33-4b13-8ecf-2383e3213713 which can be used as unique global reference for Answerbot in MISP communities and other software using the MISP galaxy
Antammi
Antammi is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID bbc13ff1-0cee-4c30-a864-2c6a341ac365 which can be used as unique global reference for Antammi in MISP communities and other software using the MISP galaxy
Apkmore
Apkmore is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID f45b87cf-6811-427c-84ff-027898b0592a which can be used as unique global reference for Apkmore in MISP communities and other software using the MISP galaxy
Aplog
Aplog is a Trojan horse for Android devices that steals information from the device.
Internal MISP references
UUID 600da14d-a959-4a06-9a13-85ff50cb05b4 which can be used as unique global reference for Aplog in MISP communities and other software using the MISP galaxy
Appenda
Appenda is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 1840c69b-f340-444e-a4e5-ac324c8214eb which can be used as unique global reference for Appenda in MISP communities and other software using the MISP galaxy
Apperhand
Apperhand is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 2c199154-888b-4444-8d21-622ed62e6e63 which can be used as unique global reference for Apperhand in MISP communities and other software using the MISP galaxy
Appleservice
Appleservice is a Trojan horse for Android devices that may steal information from the compromised device.
Internal MISP references
UUID 920b0561-abc9-409e-92b1-3b13b7d21a06 which can be used as unique global reference for Appleservice in MISP communities and other software using the MISP galaxy
AppLovin
AppLovin is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID e212433e-6dac-40ab-8793-8dcfe4a1538f which can be used as unique global reference for AppLovin in MISP communities and other software using the MISP galaxy
Arspam
Arspam is a Trojan horse for Android devices that sends spam SMS messages to contacts on the compromised device.
Internal MISP references
UUID e565a78c-8fa8-419b-b235-1fafa500686c which can be used as unique global reference for Arspam in MISP communities and other software using the MISP galaxy
Aurecord
Aurecord is a spyware application for Android devices that allows the device it is installed on to be monitored.
Internal MISP references
UUID 80a800a7-01ec-4712-9d2b-2382f7bf9201 which can be used as unique global reference for Aurecord in MISP communities and other software using the MISP galaxy
Backapp
Backapp is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID a4100d65-78d0-47ec-b939-709447641bab which can be used as unique global reference for Backapp in MISP communities and other software using the MISP galaxy
Backdexer
Backdexer is a Trojan horse for Android devices that may send premium-rate SMS messages from the compromised device.
Internal MISP references
UUID 27c289c7-a661-4322-9c21-8053f347e457 which can be used as unique global reference for Backdexer in MISP communities and other software using the MISP galaxy
Backflash
Backflash is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID da8cc77b-a26d-43da-a47a-a50892c08edd which can be used as unique global reference for Backflash in MISP communities and other software using the MISP galaxy
Backscript
Backscript is a Trojan horse for Android devices that downloads files onto the compromised device.
Internal MISP references
UUID d9f11a96-5f9a-48b6-9dac-735ca4fca4d2 which can be used as unique global reference for Backscript in MISP communities and other software using the MISP galaxy
Badaccents
Badaccents is a Trojan horse for Android devices that may download apps on the compromised device.
Internal MISP references
UUID 1442e5a8-d2cf-48cd-86e5-276a9dfc0bae which can be used as unique global reference for Badaccents in MISP communities and other software using the MISP galaxy
Badpush
Badpush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID ceacaa80-471e-4e38-b648-78b000771076 which can be used as unique global reference for Badpush in MISP communities and other software using the MISP galaxy
Ballonpop
Ballonpop is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 6f957cc5-467b-4465-b14d-ccc6f2206543 which can be used as unique global reference for Ballonpop in MISP communities and other software using the MISP galaxy
Bankosy
Bankosy is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 620981e8-49c8-486a-b30c-359702c8ffbc which can be used as unique global reference for Bankosy in MISP communities and other software using the MISP galaxy
Bankun
Bankun is a Trojan horse for Android devices that replaces certain banking applications on the compromised device.
Internal MISP references
UUID bc45ca3c-a6fa-408d-bfab-cc845ffde1e2 which can be used as unique global reference for Bankun in MISP communities and other software using the MISP galaxy
Basebridge
Basebridge is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers.
Internal MISP references
UUID 9ae60aaa-bcdb-46a1-a1da-d779cb13cb2b which can be used as unique global reference for Basebridge in MISP communities and other software using the MISP galaxy
Basedao
Basedao is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 9d625454-80a7-4c56-bb90-c0a678c6dec1 which can be used as unique global reference for Basedao in MISP communities and other software using the MISP galaxy
Batterydoctor
Batterydoctor is a Trojan that makes exaggerated claims about the device's ability to recharge the battery, as well as stealing information.
Internal MISP references
UUID 5bd321b1-afef-482f-b160-2e209dffb390 which can be used as unique global reference for Batterydoctor in MISP communities and other software using the MISP galaxy
Beaglespy
Beaglespy is an Android mobile detection for the Beagle spyware program as well as its associated client application.
Internal MISP references
UUID 2e3ad1af-e24c-4b1c-87cb-360dab4d90a9 which can be used as unique global reference for Beaglespy in MISP communities and other software using the MISP galaxy
Becuro
Becuro is a Trojan horse for Android devices that downloads potentially malicious files onto the compromised device.
Internal MISP references
UUID dd83dbc7-9ffa-4ca7-a8c3-6b27bde4c3bd which can be used as unique global reference for Becuro in MISP communities and other software using the MISP galaxy
Beita
Beita is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 4baa74be-682f-4a38-b4b1-aceba8f48009 which can be used as unique global reference for Beita in MISP communities and other software using the MISP galaxy
Bgserv
Bgserv is a Trojan that opens a back door and transmits information from the device to a remote location.
Internal MISP references
UUID e4a18a09-09ed-4ca8-93b8-be946e9f560c which can be used as unique global reference for Bgserv in MISP communities and other software using the MISP galaxy
Biigespy
Biigespy is an Android mobile detection for the Biige spyware program as well as its associated client application.
Internal MISP references
UUID 7a46c9c6-9af5-41e6-a625-aa14009c528e which can be used as unique global reference for Biigespy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Bmaster
Bmaster is a Trojan horse on the Android platform that opens a back door, downloads files and steals potentially confidential information from the compromised device.
Internal MISP references
UUID 9ac3232d-b533-44d6-9b73-4341e2cba4b4 which can be used as unique global reference for Bmaster in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Bossefiv
Bossefiv is a Trojan horse for Android devices that steals information.
Internal MISP references
UUID 45d85c09-8bed-4c4e-b1d1-4784737734a5 which can be used as unique global reference for Bossefiv in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Boxpush
Boxpush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 412bb5c6-a5fd-4f36-939e-47f87cc3edae which can be used as unique global reference for Boxpush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Burstly
Burstly is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 74053925-b076-47b0-8c23-bb90ff89653c which can be used as unique global reference for Burstly in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Buzzcity
Buzzcity is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 604430f2-8109-40a6-8224-39d2790914e5 which can be used as unique global reference for Buzzcity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
ByPush
ByPush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 7c373640-5830-4f23-b122-3fb4f7af0b64 which can be used as unique global reference for ByPush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Cajino
Cajino is a Trojan horse for Android devices that opens a back door on the compromised device.
Internal MISP references
UUID 388ed802-54bc-4cf0-899e-92fed27df5e1 which can be used as unique global reference for Cajino in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Casee
Casee is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID f48a667a-a74d-4c04-80a2-a257cd8e29cc which can be used as unique global reference for Casee in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Catchtoken
Catchtoken is a Trojan horse for Android devices that intercepts SMS messages and opens a back door on the compromised device.
Internal MISP references
UUID ec37c5db-0497-440b-a7bc-4e28dc5c95f4 which can be used as unique global reference for Catchtoken in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Cauly
Cauly is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID b5db1360-91fc-4dc3-8520-d00f9f3601ce which can be used as unique global reference for Cauly in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Cellshark
Cellshark is a spyware application for Android devices that periodically gathers information from the device and uploads it to a predetermined location.
Internal MISP references
UUID 471e6971-ab43-4b59-917c-5cdd5b8fd531 which can be used as unique global reference for Cellshark in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Centero
Centero is a Trojan horse for Android devices that displays advertisements on the compromised device.
Internal MISP references
UUID a9595906-adcf-4a08-9f71-f2eb2199cb87 which can be used as unique global reference for Centero in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Chuli
Chuli is a Trojan horse for Android devices that opens a back door and may steal information from the compromised device.
Internal MISP references
UUID f2f3e65a-5e46-45e9-aa23-addd841ba3c6 which can be used as unique global reference for Chuli in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Citmo
Citmo is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID e271a188-fc07-4f03-a047-d96ea64ee1e5 which can be used as unique global reference for Citmo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Claco
Claco is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 2a7c2aff-9e7f-4358-9196-477042fc2f5b which can be used as unique global reference for Claco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Clevernet
Clevernet is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 76090f4b-eb03-42c0-90bb-9337d1a20d74 which can be used as unique global reference for Clevernet in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Cnappbox
Cnappbox is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID d343483b-909c-490a-827e-3a2c9d6ad033 which can be used as unique global reference for Cnappbox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Cobblerone
Cobblerone is a spyware application for Android devices that can track the phone's location and remotely erase the device.
Internal MISP references
UUID 4863856a-9899-42a2-b02c-449aaa5a8258 which can be used as unique global reference for Cobblerone in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Coolpaperleak
Coolpaperleak is a Trojan horse for Android devices that steals information and sends it to a remote location.
Internal MISP references
UUID 272b75a0-a77f-44eb-ba7f-b68804d3506d which can be used as unique global reference for Coolpaperleak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Coolreaper
Coolreaper is a Trojan horse for Android devices that opens a back door on the compromised device. It may also steal information and download potentially malicious files.
Internal MISP references
UUID f2646118-fa1d-4e6a-9115-033ba1e05b21 which can be used as unique global reference for Coolreaper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Cosha
Cosha is a spyware program for Android devices that monitors and sends certain information to a remote location.
Internal MISP references
UUID 045d0e45-ce4d-4b51-92c8-111013b3b972 which can be used as unique global reference for Cosha in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Counterclank
Counterclank is a Trojan horse for Android devices that steals information.
Internal MISP references
UUID 95b527d5-d90c-4c37-973f-1dc83da6511e which can be used as unique global reference for Counterclank in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Crazymedia
Crazymedia is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID a08d4206-92b7-4b0e-9267-24eb4acf737f which can be used as unique global reference for Crazymedia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Crisis
Crisis is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID c17f6e4b-70c5-42f8-a91b-19d73485bd04 which can be used as unique global reference for Crisis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Crusewind
Crusewind is a Trojan horse for Android devices that sends SMS messages to a premium-rate number.
Internal MISP references
UUID 67c624e1-89a0-4581-9fa3-de4864a03aab which can be used as unique global reference for Crusewind in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dandro
Dandro is a Trojan horse for Android devices that allows a remote attacker to gain control over the device and steal information from it.
Internal MISP references
UUID a5bff39e-804e-4c62-b5fb-7a7e32069a7d which can be used as unique global reference for Dandro in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Daoyoudao
Daoyoudao is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 939f5057-635a-46e7-b15a-fb301258d0f9 which can be used as unique global reference for Daoyoudao in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Deathring
Deathring is a Trojan horse for Android devices that may perform malicious activities on the compromised device.
Internal MISP references
UUID 07ca0660-3391-4cb1-900c-a1ad38980b06 which can be used as unique global reference for Deathring in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Deeveemap
Deeveemap is a Trojan horse for Android devices that downloads potentially malicious files onto the compromised device.
Internal MISP references
UUID a23a5f71-affe-4f0e-aa8f-39a3967210ae which can be used as unique global reference for Deeveemap in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dendoroid
Dendoroid is a Trojan horse for Android devices that opens a back door, steals information, and may perform other malicious activities on the compromised device.
Internal MISP references
UUID f1a4a027-bb70-4279-9c59-c271ac264cbf which can be used as unique global reference for Dendoroid in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dengaru
Dengaru is a Trojan horse for Android devices that performs click-fraud from the compromised device.
Internal MISP references
UUID 2788d128-4c7a-4ed2-93c1-03125579251c which can be used as unique global reference for Dengaru in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Diandong
Diandong is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 4fc012cf-dbbf-4200-af95-879eb668eb66 which can be used as unique global reference for Diandong in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dianjin
Dianjin is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID bb9ff44c-eb04-4df3-8e17-967f59fee4f5 which can be used as unique global reference for Dianjin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dogowar
Dogowar is a Trojan horse on the Android platform that sends SMS texts to all contacts on the device. It is a repackaged version of a game application called Dog Wars, which can be downloaded from a third-party market and must be manually installed.
Internal MISP references
UUID 397ed797-e2a9-423a-a485-e06b4633b37a which can be used as unique global reference for Dogowar in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Domob
Domob is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID e99fe1de-4f88-4c69-95bc-87df65dc73ca which can be used as unique global reference for Domob in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dougalek
Dougalek is a Trojan horse for Android devices that steals information from the compromised device. The threat is typically disguised to display a video.
Internal MISP references
UUID d06b78de-b9f1-474a-b243-c975bd55baed which can be used as unique global reference for Dougalek in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dowgin
Dowgin is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 8635a12e-4fa4-495e-b3c9-de4a01c1bc59 which can be used as unique global reference for Dowgin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Droidsheep
Droidsheep is a hacktool for Android devices that hijacks social networking accounts on compromised devices.
Internal MISP references
UUID 0ac34775-2323-4866-a540-913043aec431 which can be used as unique global reference for Droidsheep in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dropdialer
Dropdialer is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number.
Internal MISP references
UUID d3aeb67a-6247-4a90-b7c2-971ced9dc7ef which can be used as unique global reference for Dropdialer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dupvert
Dupvert is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. It may also perform other malicious activities.
Internal MISP references
UUID f8c910ed-6047-4628-a21a-2d5bf6895fd4 which can be used as unique global reference for Dupvert in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Dynamicit
Dynamicit is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID e9df4254-31d9-45c3-80df-f6da15549ebb which can be used as unique global reference for Dynamicit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Ecardgrabber
Ecardgrabber is an application that attempts to read details from NFC-enabled credit cards that are in close proximity.
Internal MISP references
UUID 70570b6a-7236-48cb-9b0d-e8495779f51d which can be used as unique global reference for Ecardgrabber in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Ecobatry
Ecobatry is a Trojan horse for Android devices that steals information and sends it to a remote location.
Internal MISP references
UUID d8f4b1c3-7234-40ec-b944-8b22d2ba1fe7 which can be used as unique global reference for Ecobatry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Enesoluty
Enesoluty is a Trojan horse for Android devices that steals information and sends it to a remote location.
Internal MISP references
UUID 6d5be115-6245-456b-929c-3077987e65d4 which can be used as unique global reference for Enesoluty in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Everbadge
Everbadge is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 36a6af63-035c-43ef-b534-0fe2f16462eb which can be used as unique global reference for Everbadge in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Ewalls
Ewalls is a Trojan horse for the Android operating system that steals information from the mobile device.
Internal MISP references
UUID ef424b45-fb8a-4e81-9b9e-5ebb8d9219ed which can be used as unique global reference for Ewalls in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Exprespam
Exprespam is a Trojan horse for Android devices that displays a fake message and steals personal information stored on the compromised device.
Internal MISP references
UUID 043ee6fa-37de-4a2d-a888-95febf8a243c which can be used as unique global reference for Exprespam in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakealbums
Fakealbums is a Trojan horse for Android devices that monitors and forwards received messages from the compromised device.
Internal MISP references
UUID 0399e18a-e047-4507-a66c-2503b00cd727 which can be used as unique global reference for Fakealbums in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakeangry
Fakeangry is a Trojan horse on the Android platform that opens a back door, downloads files, and steals potentially confidential information from the compromised device.
Internal MISP references
UUID 6032b79e-68e7-4a9f-b913-8cb62e7c28e8 which can be used as unique global reference for Fakeangry in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakeapp
Fakeapp is a Trojan horse for Android devices that downloads configuration files to display advertisements and collects information from the compromised device.
Internal MISP references
UUID 493c97f8-db6c-40ae-a06e-fa2a9d84d660 which can be used as unique global reference for Fakeapp in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakebanco
Fakebanco is a Trojan horse for Android devices that redirects users to a phishing page in order to steal their information.
Internal MISP references
UUID 7714a6ee-3a75-42b2-ad4b-ec21da4259fd which can be used as unique global reference for Fakebanco in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakebank
Fakebank is a Trojan horse that steals information from the compromised device.
Internal MISP references
UUID 4fba0b79-0be2-4471-9c1a-5a0295130ac2 which can be used as unique global reference for Fakebank in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakebank.B
Fakebank.B is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID fb3083ad-5342-4913-9d48-f3abaf613878 which can be used as unique global reference for Fakebank.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakebok
Fakebok is a Trojan horse for Android devices that sends SMS messages to premium phone numbers.
Internal MISP references
UUID 84318a88-5ed5-43e9-ae8d-143e7373a46d which can be used as unique global reference for Fakebok in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakedaum
Fakedaum is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID b91c1aaf-4a06-40ec-b4b9-59e9da882697 which can be used as unique global reference for Fakedaum in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakedefender
Fakedefender is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to purchase an app in order to remove non-existent malware or security risks from the device.
Internal MISP references
UUID 79a6bf32-d063-4b7c-a891-3dda49e31582 which can be used as unique global reference for Fakedefender in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakedefender.B
Fakedefender.B is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to purchase an app in order to remove non-existent malware or security risks from the device.
Internal MISP references
UUID 26f660c5-c04b-4bb2-8169-5dc2dfe1c835 which can be used as unique global reference for Fakedefender.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakedown
Fakedown is a Trojan horse for Android devices that downloads more malicious apps onto the compromised device.
Internal MISP references
UUID f43ef200-e9d8-4cca-bb63-ac3d70465fed which can be used as unique global reference for Fakedown in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakeflash
Fakeflash is a Trojan horse for Android devices that installs a fake Flash application in order to direct users to a website.
Internal MISP references
UUID d2fe043a-8b6c-4aa2-8527-c51b7b44f9df which can be used as unique global reference for Fakeflash in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakegame
Fakegame is a Trojan horse for Android devices that displays advertisements and steals information from the compromised device.
Internal MISP references
UUID 250a3e30-2025-486d-98fe-2fe1cf817451 which can be used as unique global reference for Fakegame in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakeguard
Fakeguard is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 2c5798aa-e68c-4158-ba04-1db39512451f which can be used as unique global reference for Fakeguard in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakejob
Fakejob is a Trojan horse for Android devices that redirects users to scam websites.
Internal MISP references
UUID ba8bf35c-187f-4acb-8b44-5ee288535679 which can be used as unique global reference for Fakejob in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakekakao
Fakekakao is a Trojan horse for Android devices that sends SMS messages to contacts stored on the compromised device.
Internal MISP references
UUID f0915277-0156-4832-b282-4447f4d06449 which can be used as unique global reference for Fakekakao in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakelemon
Fakelemon is a Trojan horse for Android devices that blocks certain SMS messages and may subscribe to services without the user's consent.
Internal MISP references
UUID 398bd8d6-a7ee-4f51-a8ff-96d8b4ae93a5 which can be used as unique global reference for Fakelemon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakelicense
Fakelicense is a Trojan horse that displays advertisements on the compromised device.
Internal MISP references
UUID 21e5a963-ad8a-479b-b33e-35deb75f846d which can be used as unique global reference for Fakelicense in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakelogin
Fakelogin is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 6bd49caa-59a2-4abf-86ea-7a2ebc7ed324 which can be used as unique global reference for Fakelogin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
FakeLookout
FakeLookout is a Trojan horse for Android devices that opens a back door and steals information on the compromised device.
Internal MISP references
UUID caffc461-7415-4017-82bf-195df5d7791f which can be used as unique global reference for FakeLookout in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
FakeMart
FakeMart is a Trojan horse for Android devices that may send SMS messages to premium rate numbers. It may also block incoming messages and steal information from the compromised device.
Internal MISP references
UUID 6816561e-203f-4f6c-b85b-e4f51148e9e7 which can be used as unique global reference for FakeMart in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakemini
Fakemini is a Trojan horse for Android devices that disguises itself as an installation for the Opera Mini browser and sends premium-rate SMS messages to a predetermined number.
Internal MISP references
UUID b40b23aa-5b2a-46bf-94ab-0bd0f9a896c9 which can be used as unique global reference for Fakemini in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakemrat
Fakemrat is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID b61b0ca5-fd3c-4e65-af3f-7d4e9bc75e62 which can be used as unique global reference for Fakemrat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakeneflic
Fakeneflic is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID 58113e57-f6df-45f0-a058-b08a892c3903 which can be used as unique global reference for Fakeneflic in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakenotify
Fakenotify is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers, collects and sends information, and periodically displays Web pages. It also downloads legitimate apps onto the compromised device.
Internal MISP references
UUID 9dbfc63d-2b0d-406d-95cf-f87494bd588a which can be used as unique global reference for Fakenotify in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakepatch
Fakepatch is a Trojan horse for Android devices that downloads more files onto the device.
Internal MISP references
UUID 981938f8-7820-4b15-ab96-f4923280253c which can be used as unique global reference for Fakepatch in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakeplay
Fakeplay is a Trojan horse for Android devices that steals information from the compromised device and sends it to a predetermined email address.
Internal MISP references
UUID 4ac0574f-8faa-463f-a493-b245f2c76d2c which can be used as unique global reference for Fakeplay in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakescarav
Fakescarav is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to pay in order to remove non-existent malware or security risks from the device.
Internal MISP references
UUID d52ff282-7b5c-427d-bc79-fbd686fb9ba3 which can be used as unique global reference for Fakescarav in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakesecsuit
Fakesecsuit is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID c23a04d3-5c38-4edc-b082-84c8997405ab which can be used as unique global reference for Fakesecsuit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakesucon
Fakesucon is a Trojan horse program for Android devices that sends SMS messages to premium-rate phone numbers.
Internal MISP references
UUID 942a4a67-875a-4273-845f-3d6845738283 which can be used as unique global reference for Fakesucon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Faketaobao
Faketaobao is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID ee83a04a-5ce2-41f9-b232-c274c25acd7e which can be used as unique global reference for Faketaobao in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Faketaobao.B
Faketaobao.B is a Trojan horse for Android devices that intercepts and sends incoming SMS messages to a remote attacker.
Internal MISP references
UUID 2d4899d5-d566-4058-b216-a5c37f601417 which can be used as unique global reference for Faketaobao.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Faketoken
Faketoken is a Trojan horse that opens a back door on the compromised device.
Internal MISP references
UUID 25feca2d-6867-4390-9d60-100b47d9d81a which can be used as unique global reference for Faketoken in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakeupdate
Fakeupdate is a Trojan horse for Android devices that downloads other applications onto the compromised device.
Internal MISP references
UUID e3eab046-a427-4132-99e7-f69598abcfd4 which can be used as unique global reference for Fakeupdate in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fakevoice
Fakevoice is a Trojan horse for Android devices that dials a premium-rate phone number.
Internal MISP references
UUID aab42c7b-fe4e-483c-9db5-146f449c0937 which can be used as unique global reference for Fakevoice in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Farmbaby
Farmbaby is a spyware application for Android devices that logs certain information and sends SMS messages to a predetermined phone number.
Internal MISP references
UUID 97973daa-ece5-46ef-ac5b-a6ead8bddb97 which can be used as unique global reference for Farmbaby in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fauxtocopy
Fauxtocopy is a spyware application for Android devices that gathers photos from the device and sends them to a predetermined email address.
Internal MISP references
UUID 1b316569-88c5-4f5a-874c-b3eb7f5a229d which can be used as unique global reference for Fauxtocopy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Feiwo
Feiwo is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 0e5a7148-d5ab-4428-bbec-55780a4fcdad which can be used as unique global reference for Feiwo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
FindAndCall
FindAndCall is a Potentially Unwanted Application for Android devices that may leak information.
Internal MISP references
UUID d49baeba-0982-4815-a30a-c6520424a44d which can be used as unique global reference for FindAndCall in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Finfish
Finfish is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID b17a7d6f-8a48-408d-9362-3be6fab1d464 which can be used as unique global reference for Finfish in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fireleaker
Fireleaker is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID c8202616-804d-48c6-b104-466b3584f511 which can be used as unique global reference for Fireleaker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fitikser
Fitikser is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 10ac6220-2f49-4b25-9024-15f83f18033e which can be used as unique global reference for Fitikser in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Flexispy
Flexispy is a spyware application for Android devices that logs the device's activity and sends it to a predetermined website.
Internal MISP references
UUID a24e855e-cd0c-4abd-b2d8-0eaec87bcae5 which can be used as unique global reference for Flexispy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Fokonge
Fokonge is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID 819bf929-01f0-447e-994c-e0e2f5a145c9 which can be used as unique global reference for Fokonge in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
FoncySMS
FoncySMS is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers. It may also connect to an IRC server and execute any received shell commands.
Internal MISP references
UUID 917270d8-d7f3-432a-8c5c-28e7ea842f3e which can be used as unique global reference for FoncySMS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Frogonal
Frogonal is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID c0c69286-1448-4a37-b047-7518d45a0b80 which can be used as unique global reference for Frogonal in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Ftad
Ftad is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 4295a452-f24d-4a95-be3c-dc5f17606669 which can be used as unique global reference for Ftad in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Funtasy
Funtasy is a Trojan horse for Android devices that subscribes the user to premium SMS services.
Internal MISP references
UUID 8e11e4fa-e8d5-485d-8ee8-61bf52bcde27 which can be used as unique global reference for Funtasy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
GallMe
GallMe is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 2086ef12-5578-496c-b140-433836b643ef which can be used as unique global reference for GallMe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gamex
Gamex is a Trojan horse for Android devices that downloads further threats.
Internal MISP references
UUID fb63ab80-c198-48a8-a2f3-5fee516d8277 which can be used as unique global reference for Gamex in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gappusin
Gappusin is a Trojan horse for Android devices that downloads applications and disguises them as system updates.
Internal MISP references
UUID 65a95075-b79d-42ea-8a62-8390994fbed4 which can be used as unique global reference for Gappusin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gazon
Gazon is a worm for Android devices that spreads through SMS messages.
Internal MISP references
UUID 77ea250b-d8aa-4477-8c74-93af056d8eee which can be used as unique global reference for Gazon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Geinimi
Geinimi is a Trojan that opens a back door and transmits information from the device to a remote location.
Internal MISP references
UUID da751d6f-779e-4d87-99ad-9393cb72607d which can be used as unique global reference for Geinimi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Generisk
Generisk is a generic detection for Android applications that may pose a privacy, security, or stability risk to the user or user's Android device.
Internal MISP references
UUID 1f8573ad-c3ff-4268-83a5-c0a71f7b7944 which can be used as unique global reference for Generisk in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Genheur
Genheur is a generic detection for many individual but varied Trojans for Android devices for which specific definitions have not been created. A generic detection is used because it protects against many Trojans that share similar characteristics.
Internal MISP references
UUID 5bcc7083-006b-428a-8952-aa34354e011e which can be used as unique global reference for Genheur in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Genpush
Genpush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 1854c808-f818-416c-961a-ba582bf5f27c which can be used as unique global reference for Genpush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
GeoFake
GeoFake is a Trojan horse for Android devices that sends SMS messages to premium-rate numbers.
Internal MISP references
UUID 4fa4e576-369a-4211-a1ea-4896aacfe4a7 which can be used as unique global reference for GeoFake in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Geplook
Geplook is a Trojan horse for Android devices that downloads additional apps onto the compromised device.
Internal MISP references
UUID ead163e7-c5b5-486f-b27d-629b26f6abdc which can be used as unique global reference for Geplook in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Getadpush
Getadpush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID f41a08e2-5fc4-48ca-9cbc-9c7f0bce9b1f which can be used as unique global reference for Getadpush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Ggtracker
Ggtracker is a Trojan horse for Android devices that sends SMS messages to a premium-rate number. It may also steal information from the device.
Internal MISP references
UUID d4aed5c2-4011-4b62-80c1-8cdc6e5b2fc5 which can be used as unique global reference for Ggtracker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Ghostpush
Ghostpush is a Trojan horse for Android devices that roots the compromised device. It may then perform malicious activities on the compromised device.
Internal MISP references
UUID 9423457b-4660-4d27-916f-b6fd39628e17 which can be used as unique global reference for Ghostpush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gmaster
Gmaster is a Trojan horse on the Android platform that steals potentially confidential information from the compromised device.
Internal MISP references
UUID 92955169-4734-47d5-adfe-e01003dc0768 which can be used as unique global reference for Gmaster in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Godwon
Godwon is a Trojan horse for Android devices that steals information.
Internal MISP references
UUID 3787e5cf-49af-4105-a775-241c40aec377 which can be used as unique global reference for Godwon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Golddream
Golddream is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID fa2fe25b-247a-4675-ab85-a040200ff9a7 which can be used as unique global reference for Golddream in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Goldeneagle
Goldeneagle is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID c0836a8b-b104-42e5-ba0c-261ae2f65c50 which can be used as unique global reference for Goldeneagle in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Golocker
Golocker is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 28171041-ed65-4545-9e21-e6f925fd1688 which can be used as unique global reference for Golocker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gomal
Gomal is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 666b5326-8552-481a-85ee-37cea031de9d which can be used as unique global reference for Gomal in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gonesixty
Gonesixty is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID b153de8e-1096-4ff3-8c00-0dffe77574eb which can be used as unique global reference for Gonesixty in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gonfu
Gonfu is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID b10ae730-e9d8-42f7-8970-77fde44733c2 which can be used as unique global reference for Gonfu in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gonfu.B
Gonfu.B is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID 0caf0b55-e4ee-4971-86f0-8968ecbec5cf which can be used as unique global reference for Gonfu.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gonfu.C
Gonfu.C is a Trojan horse for Android devices that may download additional threats onto the compromised device.
Internal MISP references
UUID faf9c1dc-4efd-4e16-abf9-135839126b58 which can be used as unique global reference for Gonfu.C in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gonfu.D
Gonfu.D is a Trojan horse that opens a back door on Android devices.
Internal MISP references
UUID 7ee57b0f-fc7c-424a-b3c7-e1a5a028ed8e which can be used as unique global reference for Gonfu.D in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gooboot
Gooboot is a Trojan horse for Android devices that may send text messages to premium-rate numbers.
Internal MISP references
UUID dedde091-a167-42bd-b47c-710381a5fc4f which can be used as unique global reference for Gooboot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Goodadpush
Goodadpush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 24d9abb7-67e6-4cd5-8f34-6fae58293134 which can be used as unique global reference for Goodadpush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Greystripe
Greystripe is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 4e9b59a3-1b0b-4c94-bac2-22a9730cc1a0 which can be used as unique global reference for Greystripe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gugespy
Gugespy is a spyware program for Android devices that logs the device's activity and sends it to a predetermined email address.
Internal MISP references
UUID 1d9c433a-9b8c-4ad7-b4b3-5a29137aca3b which can be used as unique global reference for Gugespy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gugespy.B
Gugespy.B is a spyware program for Android devices that monitors and sends certain information to a remote location.
Internal MISP references
UUID 3869692a-e24c-44ad-8f46-a0bd38c5bc5e which can be used as unique global reference for Gugespy.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gupno
Gupno is a Trojan horse for Android devices that poses as a legitimate app and attempts to charge users for features that are normally free. It may also display advertisements on the compromised device.
Internal MISP references
UUID 2434d65f-7a96-4cf3-b3c7-d93d70be8907 which can be used as unique global reference for Gupno in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Habey
Habey is a Trojan horse for Android devices that may attempt to delete files and send SMS messages from the compromised device.
Internal MISP references
UUID 15109175-300b-42b1-bc59-2ad305cb2338 which can be used as unique global reference for Habey in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Handyclient
Handyclient is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID dc37a1f9-dec0-4ea0-94c6-450b26272e3d which can be used as unique global reference for Handyclient in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Hehe
Hehe is a Trojan horse for Android devices that blocks incoming calls and SMS messages from specific numbers. The Trojan also steals information from the compromised device.
Internal MISP references
UUID c9538896-1dd4-4d87-b89c-a0a019996b27 which can be used as unique global reference for Hehe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Hesperbot
Hesperbot is a Trojan horse for Android devices that opens a back door on the compromised device and may steal information.
Internal MISP references
UUID a642266c-b729-4009-8bd5-9cb06857cda7 which can be used as unique global reference for Hesperbot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Hippo
Hippo is a Trojan horse that sends SMS messages to premium-rate phone numbers.
Internal MISP references
UUID bdf5533f-f05d-44cf-ad0c-c1db9689961f which can be used as unique global reference for Hippo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Hippo.B
Hippo.B is a Trojan horse that sends SMS messages to premium-rate phone numbers.
Internal MISP references
UUID 04d2d441-1a18-4921-96f1-56fc938e01ea which can be used as unique global reference for Hippo.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
IadPush
IadPush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID d8dd9f88-4acf-4bbf-886b-6c48f2463109 which can be used as unique global reference for IadPush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
iBanking
iBanking is a Trojan horse for Android devices that opens a back door on the compromised device and may steal information.
Internal MISP references
UUID 531f750f-fe86-4548-a2e5-540fda864860 which can be used as unique global reference for iBanking in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Iconosis
Iconosis is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 71e19f13-ef09-44f2-a71b-ef39b2f02dbf which can be used as unique global reference for Iconosis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Iconosys
Iconosys is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 84480513-a52a-4de2-9869-1c886a6e8365 which can be used as unique global reference for Iconosys in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Igexin
Igexin is an advertisement library that is bundled with certain Android applications. Igexin has the capability of spying on victims through otherwise benign apps by downloading malicious plugins.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels that are associated with Igexin.
| Known Synonyms |
|---|
| IcicleGum |
Internal MISP references
UUID 52c5f9b3-e9ed-4c86-b4a8-d4ebc68a4d7b which can be used as unique global reference for Igexin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
ImAdPush
ImAdPush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 847d6c0e-d92e-4466-91b8-6fe2718c6031 which can be used as unique global reference for ImAdPush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
InMobi
InMobi is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 65e35c22-4a55-44ad-bd09-43f8a18d7e93 which can be used as unique global reference for InMobi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Jifake
Jifake is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers.
Internal MISP references
UUID d32149d8-a20c-40eb-b486-7c3b3369bb9a which can be used as unique global reference for Jifake in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Jollyserv
Jollyserv is a Trojan horse for Android devices that sends SMS messages and steals information from the compromised device.
Internal MISP references
UUID ee7faba5-6d35-49ff-af50-1ded1e42cc0b which can be used as unique global reference for Jollyserv in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Jsmshider
Jsmshider is a Trojan horse that opens a back door on Android devices.
Internal MISP references
UUID 5390586b-a224-4006-ab43-73ecdebe7892 which can be used as unique global reference for Jsmshider in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Ju6
Ju6 is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 7886d5bb-8318-427a-a5df-9dc2122d8f05 which can be used as unique global reference for Ju6 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Jumptap
Jumptap is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID ab353e23-22ef-44a8-80de-fe0ae609e571 which can be used as unique global reference for Jumptap in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Jzmob
Jzmob is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 941608bc-1fd5-473a-b4f7-a7f9763a4276 which can be used as unique global reference for Jzmob in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Kabstamper
Kabstamper is a Trojan horse for Android devices that corrupts images found on the compromised device.
Internal MISP references
UUID ff8e4fe3-12b3-4c3b-959e-82971821d8e9 which can be used as unique global reference for Kabstamper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Kidlogger
Kidlogger is a spyware application for Android devices that logs the device's activity and sends it to a predetermined website.
Internal MISP references
UUID 89c13c33-8ec2-4bbe-9867-02ac9f0a7dad which can be used as unique global reference for Kidlogger in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Kielog
Kielog is a Trojan horse for Android devices that logs keystrokes and sends the stolen information to the remote attacker.
Internal MISP references
UUID 324a5388-63f9-4ba8-aa5f-6a803be5e903 which can be used as unique global reference for Kielog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Kituri
Kituri is a Trojan horse for Android devices that blocks certain SMS messages from being received by the device. It may also send SMS messages to a premium-rate number.
Internal MISP references
UUID d1c6c267-4c59-4cf9-a540-13d38b20d360 which can be used as unique global reference for Kituri in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Kranxpay
Kranxpay is a Trojan horse for Android devices that downloads other apps onto the device.
Internal MISP references
UUID 67f27518-6ec3-4723-8b4d-34d91a4d3a3e which can be used as unique global reference for Kranxpay in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Krysanec
Krysanec is a Trojan horse for Android devices that opens a back door on the compromised device.
Internal MISP references
UUID 736ebf9f-1868-45ea-94a5-d389f2d11588 which can be used as unique global reference for Krysanec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Kuaidian360
Kuaidian360 is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 0ec6ad4a-77ce-4c68-a349-1973bdc328f6 which can be used as unique global reference for Kuaidian360 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Kuguo
Kuguo is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 9fa68491-57fc-4d85-a063-0b822286c25f which can be used as unique global reference for Kuguo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lastacloud
Lastacloud is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 3bbf47e9-57b1-4bd1-9dc3-34d59e203771 which can be used as unique global reference for Lastacloud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Laucassspy
Laucassspy is a spyware program for Android devices that steals information and sends it to a remote location.
Internal MISP references
UUID 3b3956a8-a1cb-4839-8731-08295c2b88d6 which can be used as unique global reference for Laucassspy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lifemonspy
Lifemonspy is a spyware application for Android devices that can track the phone's location, download SMS messages, and erase certain data from the device.
Internal MISP references
UUID 063abe8e-3688-48af-848e-132d636b4ecc which can be used as unique global reference for Lifemonspy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lightdd
Lightdd is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID 47aec378-9c9c-432c-9cd5-ddaa7942c6f4 which can be used as unique global reference for Lightdd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Loaderpush
Loaderpush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 5b137010-c01c-4811-b93f-e1de1c986563 which can be used as unique global reference for Loaderpush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Locaspy
Locaspy is a Potentially Unwanted Application for Android devices that tracks the location of the compromised device.
Internal MISP references
UUID 75e2f27a-cdeb-4768-808e-469d99a581d1 which can be used as unique global reference for Locaspy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lockdroid.E
Lockdroid.E is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device.
Internal MISP references
UUID 04fc65b7-47a1-4eac-b485-ea8a6933613c which can be used as unique global reference for Lockdroid.E in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lockdroid.F
Lockdroid.F is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device.
Internal MISP references
UUID a98bb328-2a25-4733-b1d2-688abf25784d which can be used as unique global reference for Lockdroid.F in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lockdroid.G
Lockdroid.G is a Trojan horse for Android devices that may display a ransom demand on the compromised device.
Internal MISP references
UUID 0e4f2334-889f-4438-bdfb-b4287397fc43 which can be used as unique global reference for Lockdroid.G in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lockdroid.H
Lockdroid.H is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device.
Internal MISP references
UUID f453d127-48ae-4422-9e79-fb138f26de83 which can be used as unique global reference for Lockdroid.H in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lockscreen
Lockscreen is a Trojan horse for Android devices that locks the compromised device from use.
Internal MISP references
UUID 370237dc-95f4-47a0-9985-2ec8151f7e3a which can be used as unique global reference for Lockscreen in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
LogiaAd
LogiaAd is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 8a065cda-da87-46b6-960a-2bcc74e92fd1 which can be used as unique global reference for LogiaAd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Loicdos
Loicdos is an Android application that provides an interface to a website in order to perform a denial of service (DoS) attack against a computer.
Internal MISP references
UUID 32ec05c2-a360-49b1-8863-166fd0011460 which can be used as unique global reference for Loicdos in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Loozfon
Loozfon is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 983458be-99a4-460a-be5d-c8b284468a61 which can be used as unique global reference for Loozfon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lotoor
Lotoor is a generic detection for hack tools that exploit vulnerabilities in order to gain root privileges on compromised Android devices.
Internal MISP references
UUID f459ff4a-3015-458f-8402-9981b6164f17 which can be used as unique global reference for Lotoor in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lovespy
Lovespy is a Trojan horse for Android devices that steals information from the device.
Internal MISP references
UUID 508ab8e3-c950-4adf-b87a-90f86423fa4d which can be used as unique global reference for Lovespy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Lovetrap
Lovetrap is a Trojan horse that sends SMS messages to premium-rate phone numbers.
Internal MISP references
UUID ab2b8596-4304-4682-a324-6a9ddd9a9c31 which can be used as unique global reference for Lovetrap in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Luckycat
Luckycat is a Trojan horse for Android devices that opens a back door and steals information on the compromised device.
Internal MISP references
UUID 5429dd64-74f5-4370-85f0-2654c067dfc5 which can be used as unique global reference for Luckycat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Machinleak
Machinleak is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 68c21410-a32c-4151-9e3e-bd3070937bfd which can be used as unique global reference for Machinleak in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Maistealer
Maistealer is a Trojan that steals information from Android devices.
Internal MISP references
UUID 88521447-177a-4024-b336-0a065e6d7f16 which can be used as unique global reference for Maistealer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Malapp
Malapp is a generic detection for many individual but varied threats on Android devices that share similar characteristics.
Internal MISP references
UUID 4b2483e7-acc2-4eec-bd7f-a8ac45e403b4 which can be used as unique global reference for Malapp in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Malebook
Malebook is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 93177c2f-79fa-4b3e-8312-994306bac870 which can be used as unique global reference for Malebook in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Malhome
Malhome is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 6178421f-b4d9-4307-b9ac-f75139651adf which can be used as unique global reference for Malhome in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Malminer
Malminer is a Trojan horse for Android devices that mines cryptocurrencies on the compromised device.
Internal MISP references
UUID 1e7e1c16-f241-41ea-ab12-f3c3f72f0931 which can be used as unique global reference for Malminer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mania
Mania is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number.
Internal MISP references
UUID dd97858e-001b-4ac4-9947-fcfdf24e12f7 which can be used as unique global reference for Mania in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Maxit
Maxit is a Trojan horse for Android devices that opens a back door on the compromised device. It also steals certain information and uploads it to a remote location.
Internal MISP references
UUID 0687203f-8f57-4de3-86f5-ceb3f151151c which can be used as unique global reference for Maxit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
MdotM
MdotM is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID aa94146b-6901-4c6c-8669-d64b4eb70594 which can be used as unique global reference for MdotM in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Medialets
Medialets is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 3bd73087-fdf8-426a-84b9-50f308a05c53 which can be used as unique global reference for Medialets in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Meshidden
Meshidden is a spyware application for Android devices that allows the device it is installed on to be monitored.
Internal MISP references
UUID 35ec0f9f-4516-45ed-b101-6829bd99ce86 which can be used as unique global reference for Meshidden in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mesploit
Mesploit is a tool for Android devices used to create applications that exploit the Android Fake ID vulnerability.
Internal MISP references
UUID bed7e358-3b69-4944-898f-aabf32e1af3d which can be used as unique global reference for Mesploit in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mesprank
Mesprank is a Trojan horse for Android devices that opens a back door on the compromised device.
Internal MISP references
UUID 989b1801-a3a9-4671-b161-d7b07cbbae32 which can be used as unique global reference for Mesprank in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Meswatcherbox
Meswatcherbox is a spyware application for Android devices that forwards SMS messages without the user knowing.
Internal MISP references
UUID d4a7f045-7e1c-4467-8eb7-7dc3ce3c04dd which can be used as unique global reference for Meswatcherbox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Miji
Miji is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID c5fa5347-0338-43f1-813b-b11ce13a44e5 which can be used as unique global reference for Miji in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Milipnot
Milipnot is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 44ab46dd-7027-4f66-a716-d59db5cf5e73 which can be used as unique global reference for Milipnot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
MillennialMedia
MillennialMedia is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 549a3d4e-d8f8-48b5-9b4b-659646640f85 which can be used as unique global reference for MillennialMedia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mitcad
Mitcad is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 03d069bd-53f5-4d62-82af-2461b8b501f7 which can be used as unique global reference for Mitcad in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
MobClix
MobClix is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 9688b924-811f-4315-ba42-2ee1e9e52b55 which can be used as unique global reference for MobClix in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
MobFox
MobFox is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID ee248082-86b3-48ce-9500-47ccd471edec which can be used as unique global reference for MobFox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mobidisplay
Mobidisplay is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID d2a7cd95-3a32-4da4-97fb-a0982c2eaf60 which can be used as unique global reference for Mobidisplay in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mobigapp
Mobigapp is a Trojan horse for Android devices that downloads applications disguised as system updates.
Internal MISP references
UUID f35969cc-13d8-46cf-a4cc-ff2f15844205 which can be used as unique global reference for Mobigapp in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
MobileBackup
MobileBackup is a spyware application for Android devices that monitors the affected device.
Internal MISP references
UUID caea6805-dad0-44b7-a0f2-3f41c227698c which can be used as unique global reference for MobileBackup in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mobilespy
Mobilespy is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID a6acb97a-359a-4fdc-9f27-2190dbe66c02 which can be used as unique global reference for Mobilespy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mobiletx
Mobiletx is a Trojan horse for Android devices that steals information from the compromised device. It may also send SMS messages to a premium-rate number.
Internal MISP references
UUID 3752d35b-0cbf-41ee-a057-6252342d94a7 which can be used as unique global reference for Mobiletx in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mobinaspy
Mobinaspy is a spyware application for Android devices that can track the device's location.
Internal MISP references
UUID dda43d3d-5852-4957-834a-a711bbfa3e4a which can be used as unique global reference for Mobinaspy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mobus
Mobus is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 95272c25-5df1-47ef-af3d-88e7b7492d45 which can be used as unique global reference for Mobus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
MobWin
MobWin is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 960804ae-0c6a-42de-9f0c-2b20a56c2c32 which can be used as unique global reference for MobWin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Mocore
Mocore is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID be1c2349-1864-4164-905b-cd971454448d which can be used as unique global reference for Mocore in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Moghava
Moghava is a Trojan horse for Android devices that modifies images that are stored on the device.
Internal MISP references
UUID 671a2ca3-fa4f-4bfb-95d0-ac9c2479edff which can be used as unique global reference for Moghava in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Momark
Momark is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID f68ccede-1c5a-4d27-8d5f-2e68ebbbfcd7 which can be used as unique global reference for Momark in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Monitorello
Monitorello is a spyware application for Android devices that allows the device it is installed on to be monitored.
Internal MISP references
UUID 5b89b17f-d569-4c7d-9990-c8054d506e02 which can be used as unique global reference for Monitorello in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Moolah
Moolah is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID c630be3f-709c-42e7-8523-905ca6896066 which can be used as unique global reference for Moolah in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
MoPub
MoPub is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 1243bbc1-32a5-4034-a68b-fe67472469af which can be used as unique global reference for MoPub in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Morepaks
Morepaks is a Trojan horse for Android devices that downloads remote files and may display advertisements on the compromised device.
Internal MISP references
UUID 20ca85ec-bb04-47b1-9179-aa3871724cc4 which can be used as unique global reference for Morepaks in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Nandrobox
Nandrobox is a Trojan horse for Android devices that steals information from the compromised device. It also deletes certain SMS messages from the device.
Internal MISP references
UUID 32ebe3f6-4a19-4e95-b06b-18663f4f0b43 which can be used as unique global reference for Nandrobox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Netisend
Netisend is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID deef380d-8e63-4669-9f5b-0cbf50c57070 which can be used as unique global reference for Netisend in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Nickispy
Nickispy is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID 7bdcf5c4-4c1d-4f37-8811-58f60c07dc51 which can be used as unique global reference for Nickispy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Notcompatible
Notcompatible is a Trojan horse for Android devices that acts as a proxy.
Internal MISP references
UUID c18d1cdc-855a-47b0-93f6-9d8795c9121d which can be used as unique global reference for Notcompatible in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Nuhaz
Nuhaz is a Trojan horse for Android devices that may intercept text messages on the compromised device.
Internal MISP references
UUID ea8ff12e-fdd1-425d-bb4e-39374040b290 which can be used as unique global reference for Nuhaz in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Nyearleaker
Nyearleaker is a Trojan horse program for Android devices that steals information.
Internal MISP references
UUID 08381c6b-5c92-4e14-8ad5-52954b101907 which can be used as unique global reference for Nyearleaker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Obad
Obad is a Trojan horse for Android devices that opens a back door, steals information, and downloads files. It also sends SMS messages to premium-rate numbers and spreads malware to Bluetooth-enabled devices.
Internal MISP references
UUID f59181e2-6214-4ff7-842e-916d124b3535 which can be used as unique global reference for Obad in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Oneclickfraud
Oneclickfraud is a Trojan horse for Android devices that attempts to coerce a user into paying for a pornographic service.
Internal MISP references
UUID 99ebc7b4-dbba-4c1c-a991-3c75d69007f6 which can be used as unique global reference for Oneclickfraud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Opfake
Opfake is a detection for Trojan horses on the Android platform that send SMS texts to premium-rate numbers.
Internal MISP references
UUID 9017bea0-d29e-4a2d-bda5-03ca6d0c7bc0 which can be used as unique global reference for Opfake in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Opfake.B
Opfake.B is a Trojan horse for the Android platform that may receive commands from a remote attacker to perform various functions.
Internal MISP references
UUID 40115080-242e-4278-97b6-77171aa6ec47 which can be used as unique global reference for Opfake.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Ozotshielder
Ozotshielder is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID b6e17717-a860-412b-a223-8fb0a7f5fe26 which can be used as unique global reference for Ozotshielder in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pafloat
Pafloat is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 4fa40665-8a2a-4b01-bda7-5860497a46cc which can be used as unique global reference for Pafloat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
PandaAds
PandaAds is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID fd4d373a-dc7a-4ed0-8880-3f4d46ab4541 which can be used as unique global reference for PandaAds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pandbot
Pandbot is a Trojan horse for Android devices that may download more files onto the device.
Internal MISP references
UUID aaa14125-c4eb-49b1-a397-6eb23e9ca8bf which can be used as unique global reference for Pandbot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pdaspy
Pdaspy is a spyware application for Android devices that periodically gathers information from the device and uploads it to a predetermined location.
Internal MISP references
UUID d206b674-2c8b-4165-955f-c7b3747f881e which can be used as unique global reference for Pdaspy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Penetho
Penetho is a hacktool for Android devices that can be used to crack the WiFi password of the router that the device is using.
Internal MISP references
UUID a032b966-7274-4963-82e3-4d6ea805db91 which can be used as unique global reference for Penetho in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Perkel
Perkel is a Trojan horse for Android devices that may steal information from the compromised device.
Internal MISP references
UUID c076d45a-d4f8-4e6b-9f69-71687b5670f7 which can be used as unique global reference for Perkel in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Phimdropper
Phimdropper is a Trojan horse for Android devices that sends and intercepts incoming SMS messages.
Internal MISP references
UUID 12801a82-add4-48f4-957a-5e7b09f2d0e3 which can be used as unique global reference for Phimdropper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Phospy
Phospy is a Trojan horse for Android devices that steals confidential information from the compromised device.
Internal MISP references
UUID 058809da-b25d-429b-8773-e2b2f820d5ef which can be used as unique global reference for Phospy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Piddialer
Piddialer is a Trojan horse for Android devices that dials premium-rate numbers from the compromised device.
Internal MISP references
UUID c561faeb-2b49-413c-90fa-879fed864e76 which can be used as unique global reference for Piddialer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pikspam
Pikspam is a Trojan horse for Android devices that sends spam SMS messages from the compromised device.
Internal MISP references
UUID da914e7e-8cd2-49d2-9e6c-ce7f5174f3e1 which can be used as unique global reference for Pikspam in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pincer
Pincer is a Trojan horse for Android devices that steals confidential information and opens a back door on the compromised device.
Internal MISP references
UUID 4ef79875-3b57-4025-8a2a-07cdb078064f which can be used as unique global reference for Pincer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pirator
Pirator is a Trojan horse on the Android platform that downloads files and steals potentially confidential information from the compromised device.
Internal MISP references
UUID 42b22f4f-c4ca-49a7-8ef2-4f470a611d87 which can be used as unique global reference for Pirator in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pjapps
Pjapps is a Trojan horse that has been embedded in third-party applications and opens a back door on the compromised device. It retrieves commands from a remote command and control server.
Internal MISP references
UUID 5ad131de-ee9b-4815-9779-dd41bbc691ac which can be used as unique global reference for Pjapps in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pjapps.B
Pjapps.B is a Trojan horse for Android devices that opens a back door on the compromised device.
Internal MISP references
UUID 337a4e0f-3ba7-4b3e-8ee8-6dec28efa367 which can be used as unique global reference for Pjapps.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pletora
Pletora is a Trojan horse for Android devices that may lock the compromised device. It then asks the user to pay in order to unlock the device.
Internal MISP references
UUID e7fcea42-c041-4650-8a74-980e2580f707 which can be used as unique global reference for Pletora in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Poisoncake
Poisoncake is a Trojan horse for Android devices that opens a back door on the compromised device. It may also download potentially malicious files and steal information.
Internal MISP references
UUID f3fa28df-2f61-4391-921d-0df12015406a which can be used as unique global reference for Poisoncake in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pontiflex
Pontiflex is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID a69028fd-345c-46c1-a8e4-5344edf4a83b which can be used as unique global reference for Pontiflex in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Positmob
Positmob is a Trojan horse program for Android devices that sends SMS messages to premium-rate phone numbers.
Internal MISP references
UUID 55014563-84cd-42bd-a4d0-9cb59fed0954 which can be used as unique global reference for Positmob in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Premiumtext
Premiumtext is a detection for Trojan horses on the Android platform that send SMS texts to premium-rate numbers. These Trojans will often be repackaged versions of genuine Android software packages, often distributed outside the Android Marketplace.
Internal MISP references
UUID aafa218b-681d-4fa9-bbe0-3e5e1655e379 which can be used as unique global reference for Premiumtext in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Pris
Pris is a Trojan horse for Android devices that silently downloads a malicious application and attempts to open a back door on the compromised device.
Internal MISP references
UUID 84c24979-1f6b-4fb6-9783-b0262002f27c which can be used as unique global reference for Pris in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Qdplugin
Qdplugin is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID 104be155-2e71-46bf-90a4-c2b27c6b6825 which can be used as unique global reference for Qdplugin in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Qicsomos
Qicsomos is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number.
Internal MISP references
UUID ef0a5556-2328-47f2-9703-bd8001639afe which can be used as unique global reference for Qicsomos in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Qitmo
Qitmo is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 0d2c5dd9-8300-4570-a49e-971ac90efdec which can be used as unique global reference for Qitmo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Rabbhome
Rabbhome is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 4c15d120-70c8-4d9f-b001-bf6c218a991a which can be used as unique global reference for Rabbhome in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Repane
Repane is a Trojan horse for Android devices that steals information and sends SMS messages from the compromised device.
Internal MISP references
UUID 4f07cf74-9b9b-479d-859e-67a2a13ca5de which can be used as unique global reference for Repane in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Reputation.1
Reputation.1 is a detection for Android files based on analysis performed by Norton Mobile Insight.
Internal MISP references
UUID d1ef2846-24cc-48a7-9bf2-c739eed7d25a which can be used as unique global reference for Reputation.1 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Reputation.2
Reputation.2 is a detection for Android files based on analysis performed by Norton Mobile Insight.
Internal MISP references
UUID 522a2325-290b-45ac-9eab-ffdf3898dbee which can be used as unique global reference for Reputation.2 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Reputation.3
Reputation.3 is a detection for Android files based on analysis performed by Norton Mobile Insight.
Internal MISP references
UUID 095a898a-301a-49f1-9bc6-c43425d17c8e which can be used as unique global reference for Reputation.3 in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
RevMob
RevMob is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 6469a63e-5c6b-4517-9540-eb16488ad67a which can be used as unique global reference for RevMob in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Roidsec
Roidsec is a Trojan horse for Android devices that steals confidential information.
Internal MISP references
UUID 06ae93ed-13ba-4200-9c91-8901f08a4fae which can be used as unique global reference for Roidsec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Rootcager
Rootcager is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID 25f0c7d4-f961-4cd1-ac70-90242506200d which can be used as unique global reference for Rootcager in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Rootnik
Rootnik is a Trojan horse for Android devices that steals information and downloads additional apps.
Internal MISP references
UUID 05f5a051-d7a2-4757-a2f0-d685334d9374 which can be used as unique global reference for Rootnik in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Rufraud
Rufraud is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers.
Internal MISP references
UUID 99064315-2097-4c2e-8f92-a34ab9422441 which can be used as unique global reference for Rufraud in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Rusms
Rusms is a Trojan horse for Android devices that sends SMS messages and steals information from the compromised device.
Internal MISP references
UUID 77ba4823-2d71-4ead-aba8-71a15a2a7c99 which can be used as unique global reference for Rusms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Samsapo
Samsapo is a worm for Android devices that spreads by sending SMS messages to all contacts stored on the compromised device. It also opens a back door and downloads files.
Internal MISP references
UUID d266a784-3ce7-40f2-b710-0d758700276b which can be used as unique global reference for Samsapo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Sandorat
Sandorat is a Trojan horse for Android devices that opens a back door on the compromised device. It also steals information.
Internal MISP references
UUID f0baccdc-d38f-4bb1-ab42-319b69be6322 which can be used as unique global reference for Sandorat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Sberick
Sberick is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID bd781792-dd1f-4fa9-a523-53f578b8f52c which can be used as unique global reference for Sberick in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Scartibro
Scartibro is a Trojan horse for Android devices that locks the compromised device and asks the user to pay in order to unlock it.
Internal MISP references
UUID 0c7bac44-c062-4dd6-824d-79f3c225d3e5 which can be used as unique global reference for Scartibro in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Scipiex
Scipiex is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID e658c4ff-a749-44d1-9c7c-d8782cecbb05 which can be used as unique global reference for Scipiex in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Selfmite
Selfmite is a worm for Android devices that spreads through SMS messages.
Internal MISP references
UUID 666eb607-971e-4a90-92df-2b1903eb5c29 which can be used as unique global reference for Selfmite in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Selfmite.B
Selfmite.B is a worm for Android devices that displays ads on the compromised device. It spreads through SMS messages.
Internal MISP references
UUID 1031ff29-419d-450e-a1d3-d203db10b7df which can be used as unique global reference for Selfmite.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
SellARing
SellARing is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 875a58aa-f155-48d5-86a7-b18bf711a211 which can be used as unique global reference for SellARing in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
SendDroid
SendDroid is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 69ca9eb1-f19a-4442-8bfd-ac5f9a5387c2 which can be used as unique global reference for SendDroid in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Simhosy
Simhosy is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 96624486-651c-499d-a731-83e149e16ea4 which can be used as unique global reference for Simhosy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Simplocker
Simplocker is a Trojan horse for Android devices that may encrypt files on the compromised device. It then asks the user to pay in order to decrypt these files.
Internal MISP references
UUID 194d0629-9e26-4de4-8239-85b862aadc7f which can be used as unique global reference for Simplocker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Simplocker.B
Simplocker.B is a Trojan horse for Android devices that may encrypt files on the compromised device. It then asks the user to pay in order to decrypt these files.
Internal MISP references
UUID 6cf6fdd1-acce-4498-afe9-bc9202235cfa which can be used as unique global reference for Simplocker.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Skullkey
Skullkey is a Trojan horse for Android devices that gives the attacker remote control of the compromised device to perform malicious activity.
Internal MISP references
UUID 8f5e8349-14cb-4dc2-86dc-bcfe7360d4c7 which can be used as unique global reference for Skullkey in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smaato
Smaato is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 5e02d505-59bf-493e-b9d8-29dffcc5045a which can be used as unique global reference for Smaato in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smbcheck
Smbcheck is a hacktool for Android devices that can trigger a Server Message Block version 2 (SMBv2) vulnerability and may cause the target computer to crash.
Internal MISP references
UUID 60be1539-2205-4865-87ab-318dcdb1873e which can be used as unique global reference for Smbcheck in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smsblocker
Smsblocker is a generic detection for threats on Android devices that block the transmission of SMS messages.
Internal MISP references
UUID 13b6f47b-12bd-4c0a-88d1-b6a627169266 which can be used as unique global reference for Smsblocker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smsbomber
Smsbomber is a program that can be used to send messages to contacts on the device.
Internal MISP references
UUID 054789dc-6ffa-4a06-ace9-6fd7095c7504 which can be used as unique global reference for Smsbomber in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smslink
Smslink is a Trojan horse for Android devices that may send malicious SMS messages from the compromised device. It may also display advertisements.
Internal MISP references
UUID 5d41547a-fc71-4e49-8dbf-59f15a58a74c which can be used as unique global reference for Smslink in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smspacem
Smspacem is a Trojan horse that may send SMS messages from Android devices.
Internal MISP references
UUID 3191e73e-72a4-4a05-9d5b-2da158822820 which can be used as unique global reference for Smspacem in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
SMSReplicator
SMSReplicator is a spying utility that will secretly transmit incoming SMS messages to another phone of the installer's choice.
Internal MISP references
UUID 8e638226-b772-492c-b0a3-3a77e5b08496 which can be used as unique global reference for SMSReplicator in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smssniffer
Smssniffer is a Trojan horse that intercepts SMS messages on Android devices.
Internal MISP references
UUID 4d79cd58-217a-454a-991c-19219612580c which can be used as unique global reference for Smssniffer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smsstealer
Smsstealer is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID c502316f-f3bb-47a4-9198-d73426609429 which can be used as unique global reference for Smsstealer in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smstibook
Smstibook is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers.
Internal MISP references
UUID 312806f6-dc58-4b2b-b86e-1338626460ea which can be used as unique global reference for Smstibook in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Smszombie
Smszombie is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 99884c3e-cc56-4099-a52b-136ae0078d61 which can be used as unique global reference for Smszombie in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Snadapps
Snadapps is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID ac43bc86-59da-42ad-82d6-d0a17cc04a40 which can be used as unique global reference for Snadapps in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Sockbot
Sockbot is a Trojan horse for Android devices that creates a SOCKS proxy on the compromised device.
Internal MISP references
UUID e8096285-d437-4664-9125-d30cb19b84cb which can be used as unique global reference for Sockbot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Sockrat
Sockrat is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID dadccdda-a4c2-4021-90b9-61a394e602be which can be used as unique global reference for Sockrat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Sofacy
Sofacy is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID df36267b-7267-4c23-a7a1-cf94ef1b3729 which can be used as unique global reference for Sofacy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Sosceo
Sosceo is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID f1118dcb-13a3-4021-8dee-22201ae9324a which can be used as unique global reference for Sosceo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spitmo
Spitmo is a Trojan horse that steals information from Android devices.
Internal MISP references
UUID 98a51dbd-5fe4-44f1-8171-2f7bb5691ca8 which can be used as unique global reference for Spitmo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spitmo.B
Spitmo.B is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 75ee2fc5-f412-42a3-b17b-be5b7c1b5172 which can be used as unique global reference for Spitmo.B in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spyagent
Spyagent is a spyware application for Android devices that logs certain information and sends SMS messages to a predetermined phone number.
Internal MISP references
UUID b399f848-032d-4e7b-8c53-1d61ef53ef73 which can be used as unique global reference for Spyagent in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spybubble
Spybubble is a spyware application for Android devices that logs the device's activity and sends it to a predetermined website.
Internal MISP references
UUID ee87a204-a0d6-4e4b-ba05-85853df60857 which can be used as unique global reference for Spybubble in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spydafon
Spydafon is a Potentially Unwanted Application for Android devices that monitors the affected device.
Internal MISP references
UUID 8e313409-bee2-4ea5-9dc5-062dde2d37a7 which can be used as unique global reference for Spydafon in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spymple
Spymple is a spyware application for Android devices that allows the device it is installed on to be monitored.
Internal MISP references
UUID d2f7d24a-5ad2-4cae-a600-9f9e0415e32f which can be used as unique global reference for Spymple in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spyoo
Spyoo is a spyware program for Android devices that records and sends certain information to a remote location.
Internal MISP references
UUID d3f5be8f-e1bd-45a7-b78e-1594884ed740 which can be used as unique global reference for Spyoo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spytekcell
Spytekcell is a spyware program for Android devices that monitors and sends certain information to a remote location.
Internal MISP references
UUID 7e83bb34-5b0a-4a04-9c33-45ccd62adb49 which can be used as unique global reference for Spytekcell in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spytrack
Spytrack is a spyware program for Android devices that periodically sends certain information to a remote location.
Internal MISP references
UUID 70ff60ea-2955-4ab0-ad7f-aa33e6bb0b9c which can be used as unique global reference for Spytrack in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Spywaller
Spywaller is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID eff7bcd4-a797-4a85-8db2-583b182c98e5 which can be used as unique global reference for Spywaller in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Stealthgenie
Stealthgenie is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 3e90ee61-4377-473f-8469-7a91875b54f1 which can be used as unique global reference for Stealthgenie in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Steek
Steek is a potentially unwanted application that is placed on a download website for Android applications and disguised as popular applications.
Internal MISP references
UUID 31f0f24e-6807-4a1a-b14d-cb421b1aea12 which can be used as unique global reference for Steek in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Stels
Stels is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID 435cbdcd-4cab-4a2e-8e58-9094b6226f94 which can be used as unique global reference for Stels in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Stiniter
Stiniter is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number.
Internal MISP references
UUID 418dc95a-a638-4e85-b72d-0bf6b7cbda0c which can be used as unique global reference for Stiniter in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Sumzand
Sumzand is a Trojan horse for Android devices that steals information and sends it to a remote location.
Internal MISP references
UUID 2799ad1e-b438-4da5-a489-6035643c71a8 which can be used as unique global reference for Sumzand in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Sysecsms
Sysecsms is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 7f7611d7-0419-4d6c-8026-6d132912f297 which can be used as unique global reference for Sysecsms in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Tanci
Tanci is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 031cabf7-f43c-4de3-9cd7-2ee96a4a3696 which can be used as unique global reference for Tanci in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Tapjoy
Tapjoy is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID e57f936d-0cf2-4f83-9daf-3d167de8fdfb which can be used as unique global reference for Tapjoy in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Tapsnake
Tapsnake is a Trojan horse for Android phones that is embedded into a game. It tracks the phone's location and posts it to a remote web service.
Internal MISP references
UUID a5ff203d-3613-4b66-bdec-ef342e9c85c2 which can be used as unique global reference for Tapsnake in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Tascudap
Tascudap is a Trojan horse for Android devices that uses the compromised device in denial of service attacks.
Internal MISP references
UUID 171cfcc4-171c-4f62-82c0-b1583937cd0d which can be used as unique global reference for Tascudap in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Teelog
Teelog is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID 9de29650-4fca-40d1-8def-1fe39bde13a3 which can be used as unique global reference for Teelog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Temai
Temai is a Trojan horse for Android applications that opens a back door and downloads malicious files onto the compromised device.
Internal MISP references
UUID 3b8479b5-1ea2-4a0d-a80d-4ab9f91b477a which can be used as unique global reference for Temai in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Tetus
Tetus is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID d706632e-0940-4ae0-9fc5-ed59b941828c which can be used as unique global reference for Tetus in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Tgpush
Tgpush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID c9e1c4d7-7082-45c3-8aae-4449d94639ef which can be used as unique global reference for Tgpush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Tigerbot
Tigerbot is a Trojan horse for Android devices that opens a back door on the compromised device.
Internal MISP references
UUID 7ae84b6b-79c0-4835-8ebe-f9da724cde3f which can be used as unique global reference for Tigerbot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Tonclank
Tonclank is a Trojan horse that steals information and may open a back door on Android devices.
Internal MISP references
UUID 68c29f38-36a6-46c0-bef9-cd70de3d6497 which can be used as unique global reference for Tonclank in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Trogle
Trogle is a worm for Android devices that may steal information from the compromised device.
Internal MISP references
UUID fae64496-415e-49fa-94ed-519ef7a0fac9 which can be used as unique global reference for Trogle in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Twikabot
Twikabot is a Trojan horse for Android devices that attempts to steal information.
Internal MISP references
UUID 301a279e-ea93-4857-b994-b846712b6fac which can be used as unique global reference for Twikabot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Uapush
Uapush is a Trojan horse for Android devices that steals information from the compromised device. It may also display advertisements and send SMS messages from the compromised device.
Internal MISP references
UUID c7c3547b-513c-4f65-b896-77bcf2bbf3a9 which can be used as unique global reference for Uapush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Umeng
Umeng is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID bc21922b-50a2-49a2-8828-c032b75dd4d1 which can be used as unique global reference for Umeng in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Updtbot
Updtbot is a Trojan horse for Android devices that may arrive through SMS messages. It may then open a back door on the compromised device.
Internal MISP references
UUID 572c7fc4-081b-4e13-a1c2-5c1b7c7288bf which can be used as unique global reference for Updtbot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Upush
Upush is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 6d386a6c-0cd2-47f9-891d-435e135bf005 which can be used as unique global reference for Upush in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Uracto
Uracto is a Trojan horse for Android devices that steals personal information and sends spam SMS messages to contacts found on the compromised device.
Internal MISP references
UUID d94c59b1-165b-4f8c-ba96-16209a99bbd0 which can be used as unique global reference for Uracto in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Uranico
Uranico is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 6d50487d-ac9a-4369-9520-471b2c9d2413 which can be used as unique global reference for Uranico in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Usbcleaver
Usbcleaver is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 5110098d-d07d-4e85-bde5-2b2dcd844317 which can be used as unique global reference for Usbcleaver in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Utchi
Utchi is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 45633e6c-482b-40d8-aab6-5702ebfd1a25 which can be used as unique global reference for Utchi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Uten
Uten is a Trojan horse for Android devices that may send, block, and delete SMS messages on a compromised device. It may also download and install additional applications and attempt to gain root privileges.
Internal MISP references
UUID a677735e-fc30-47ea-a679-3eae567a0c50 which can be used as unique global reference for Uten in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Uupay
Uupay is a Trojan horse for Android devices that steals information from the compromised device. It may also download additional malware.
Internal MISP references
UUID 0766d789-3c9b-4bad-bc2e-8bdeccdef2fa which can be used as unique global reference for Uupay in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Uxipp
Uxipp is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers.
Internal MISP references
UUID da60c9f2-5429-46f6-9482-6f406e56ba07 which can be used as unique global reference for Uxipp in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Vdloader
Vdloader is a Trojan horse for Android devices that opens a back door on the compromised device and steals confidential information.
Internal MISP references
UUID d0dbf62f-77fe-4051-a34a-67c843248357 which can be used as unique global reference for Vdloader in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
VDopia
VDopia is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 17241b57-1b2f-4013-bc8b-f68e4e57e1a7 which can be used as unique global reference for VDopia in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Virusshield
Virusshield is a Trojan horse for Android devices that claims to scan apps and protect personal information, but has no real functionality.
Internal MISP references
UUID dd1185c0-6456-4231-b39b-b127c2be88c5 which can be used as unique global reference for Virusshield in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
VServ
VServ is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID e8d75cbf-aaed-4b9e-8599-36ee963f8439 which can be used as unique global reference for VServ in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Walkinwat
Walkinwat is a Trojan horse that steals information from the compromised device.
Internal MISP references
UUID e2696142-5981-4055-874b-727eefda8c46 which can be used as unique global reference for Walkinwat in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Waps
Waps is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID aa3cebc6-9083-42c4-8eae-e7662aa934a2 which can be used as unique global reference for Waps in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Waren
Waren is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 164fb7dd-3fab-45fd-9d0a-4c2d61841059 which can be used as unique global reference for Waren in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Windseeker
Windseeker is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID 30b09d1a-2503-4481-a939-f6227fb2ead5 which can be used as unique global reference for Windseeker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Wiyun
Wiyun is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID ced6bfb0-a4eb-460a-9594-185ddaaec5c6 which can be used as unique global reference for Wiyun in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Wooboo
Wooboo is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 0bd6959f-b764-431f-b75c-0cb4fe88f025 which can be used as unique global reference for Wooboo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Wqmobile
Wqmobile is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID ce553391-48ef-4749-af44-ef899e710558 which can be used as unique global reference for Wqmobile in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
YahooAds
YahooAds is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 8ff80176-7fb2-41ed-8b4c-5995d4f4bc9f which can be used as unique global reference for YahooAds in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Yatoot
Yatoot is a Trojan horse for Android devices that steals information from the compromised device.
Internal MISP references
UUID ac66cb33-91a0-4777-a78d-8077089a7231 which can be used as unique global reference for Yatoot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Yinhan
Yinhan is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 956d67a6-5e5f-48bf-b1c5-bc34536b8845 which can be used as unique global reference for Yinhan in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Youmi
Youmi is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 805ea1fb-c6e3-47d9-9eb5-2d4b73e63f42 which can be used as unique global reference for Youmi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
YuMe
YuMe is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID e5a6a49e-92df-4e94-ac87-78d0f08c482e which can be used as unique global reference for YuMe in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Zeahache
Zeahache is a Trojan horse that elevates privileges on the compromised device.
Internal MISP references
UUID 78f04148-de99-4249-8057-ca610d6cab4e which can be used as unique global reference for Zeahache in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
ZertSecurity
ZertSecurity is a Trojan horse for Android devices that steals information and sends it to a remote attacker.
Internal MISP references
UUID 3f77d88c-b3a6-4cc8-bc09-40dca0f942c5 which can be used as unique global reference for ZertSecurity in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
ZestAdz
ZestAdz is an advertisement library that is bundled with certain Android applications.
Internal MISP references
UUID 94572b76-b677-40da-8e92-db29ea1f0307 which can be used as unique global reference for ZestAdz in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Zeusmitmo
Zeusmitmo is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.
Internal MISP references
UUID 1bce8b50-16e8-4548-94c9-f82bdbc91053 which can be used as unique global reference for Zeusmitmo in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
SLocker
The SLocker family is one of the oldest mobile lock-screen and file-encrypting ransomware families and used to impersonate law enforcement agencies to convince victims to pay the ransom.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular SLocker.
| Known Synonyms |
|---|
| SMSLocker |
Internal MISP references
UUID e8bb68f2-d8ca-4576-b47b-8123aef6324b which can be used as unique global reference for SLocker in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Loapi
A malware strain known as Loapi will damage phones if users don't remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone's components, which will make the battery bulge, deform the phone's cover, or even worse. Researchers at Kaspersky Labs, who discovered Loapi, say it appears to have evolved from Podec, a malware strain spotted in 2015.
Internal MISP references
UUID 2620f8ce-a4a6-4ea2-a281-7f476ff114ed which can be used as unique global reference for Loapi in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Podec
Late last year, we encountered an SMS Trojan called Trojan-SMS.AndroidOS.Podec which used a very powerful legitimate system to protect itself against analysis and detection. After we removed the protection, we saw a small SMS Trojan with most of its malicious payload still in development. Before long, though, we intercepted a fully-fledged version of Trojan-SMS.AndroidOS.Podec in early 2015. The updated version proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the Advice of Charge system (which notifies users about the price of a service and requires authorization before making the payment). It can also subscribe users to premium-rate services while bypassing CAPTCHA. This is the first time Kaspersky Lab has encountered this kind of capability in any Android-Trojan.
Internal MISP references
UUID e3cd1cf3-2f49-4adc-977f-d15a2b0b4c85 which can be used as unique global reference for Podec in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Chamois
Chamois is one of the largest PHA families in Android to date and is distributed through multiple channels. While much of the backdoor version of this family was cleaned up in 2016, a new variant emerged in 2017. To avoid detection, this version employs a number of techniques, such as implementing custom code obfuscation, preventing user notifications, and not appearing in the device’s app list. Chamois apps, which in many cases come preloaded with the system image, try to trick users into clicking ads by displaying deceptive graphics to commit WAP or SMS fraud.
Internal MISP references
UUID a53e93e6-2d17-11e8-a718-0bb6e34b87d0 which can be used as unique global reference for Chamois in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
IcicleGum
IcicleGum is a spyware PHA family whose apps rely on versions of the Igexin ads SDK that offer dynamic code-loading support. IcicleGum apps use this library's code-loading features to fetch encrypted DEX files over HTTP from command-and-control servers. The files are then decrypted and loaded via class reflection to read and send phone call logs and other data to remote locations.
Internal MISP references
UUID a5be6094-2d17-11e8-a5b1-ff153ed7d9c3 which can be used as unique global reference for IcicleGum in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
BreadSMS
BreadSMS is a large SMS-fraud PHA family that we started tracking at the beginning of 2017. These apps compose and send text messages to premium numbers without the user’s consent. In some cases, BreadSMS apps also implement subscription-based SMS fraud and silently enroll users in services provided by their mobile carriers. These apps are linked to a group of command-and-control servers whose IP addresses change frequently and that are used to provide the apps with premium SMS numbers and message text.
Internal MISP references
UUID 2c75b006-2d18-11e8-8f57-2714f7737ec5 which can be used as unique global reference for BreadSMS in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
JamSkunk
JamSkunk is a toll-fraud PHA family composed of apps that subscribe users to services without their consent. These apps disable Wi-Fi to force traffic to go through users' mobile data connection and then contact command-and-control servers to dynamically fetch code that tries to bypass the network’s WAP service subscription verification steps. This type of PHA monetizes its abuse via WAP billing, a payment method that works through mobile data connections and allows users to easily sign up and pay for new services using their existing account (i.e., services are billed directly by the carrier, and not the service provider; the user does not need a new account or a different form of payment). Once authentication is bypassed, JamSkunk apps enroll the device in services that the user may not notice until they receive and read their next bill.
Internal MISP references
UUID 1b5ff93c-2d1a-11e8-8559-07216a0f4416 which can be used as unique global reference for JamSkunk in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Expensive Wall
Expensive Wall is a family of SMS-fraud apps that affected a large number of devices in 2017. Expensive Wall apps use code obfuscation to slow down analysis and evade detection, and rely on the JS2Java bridge to allow JavaScript code loaded inside a Webview to call Java methods the way Java apps directly do. Upon launch, Expensive Wall apps connect to command-and-control servers to fetch a domain name. This domain is then contacted via a Webview instance that loads a webpage and executes JavaScript code that calls Java methods to compose and send premium SMS messages or click ads without users' knowledge.
Internal MISP references
UUID 1c105534-2d1a-11e8-af59-f3a9d10da2ae which can be used as unique global reference for Expensive Wall in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
BambaPurple
BambaPurple is a two-stage toll-fraud PHA family that tries to trick users into installing it by disguising itself as a popular app. After install, the app disables Wi-Fi to force the device to use its 3G connection, then redirects to subscription pages without the user’s knowledge, clicks subscription buttons using downloaded JavaScript, and intercepts incoming subscription SMS messages to prevent the user from unsubscribing. In a second stage, BambaPurple installs a backdoor app that requests device admin privileges and drops a .dex file. This executable checks to make sure it is not being debugged, downloads even more apps without user consent, and displays ads.
Internal MISP references
UUID 1c90db8c-2d1a-11e8-8855-8b52c54dc70c which can be used as unique global reference for BambaPurple in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
KoreFrog
KoreFrog is a family of trojan apps that request permission to install packages and push other apps onto the device as system apps without the user’s authorization. System apps can be disabled by the user, but cannot be easily uninstalled. KoreFrog apps operate as daemons running in the background that try to impersonate Google and other system apps by using misleading names and icons to avoid detection. The KoreFrog PHA family has also been observed to serve ads, in addition to apps.
Internal MISP references
UUID 1cd12f7a-2d1a-11e8-9d61-5f382712fa0a which can be used as unique global reference for KoreFrog in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Gaiaphish
Gaiaphish is a large family of trojan apps that target authentication tokens stored on the device to abuse the user’s privileges for various purposes. These apps use base64-encoded URL strings to avoid detection of the command-and-control servers they rely on to download APK files. These files contain phishing apps that try to steal GAIA authentication tokens that grant the user permissions to access Google services, such as Google Play, Google+, and YouTube. With these tokens, Gaiaphish apps are able to generate spam and automatically post content (for instance, fake app ratings and comments on Google Play app pages).
Internal MISP references
UUID 1dcd622c-2d1a-11e8-870e-9f50a5dd5a84 which can be used as unique global reference for Gaiaphish in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
RedDrop
RedDrop can perform a vast array of malicious actions, including recording nearby audio and uploading the data to cloud-storage accounts on Dropbox and Google Drive.
Internal MISP references
UUID 3178ca72-2ded-11e8-846e-eb40889b4f9f which can be used as unique global reference for RedDrop in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
HenBox
HenBox apps masquerade as other apps, such as VPN apps and Android system apps; some carry legitimate versions of other apps, which they drop and install as a decoy technique. While some of the legitimate apps HenBox uses as decoys can be found on Google Play, HenBox apps themselves are found only on third-party (non-Google Play) app stores. HenBox apps appear to primarily target the Uyghurs – a Turkic ethnic group living mainly in the Xinjiang Uyghur Autonomous Region in North West China. HenBox has ties to infrastructure used in targeted attacks, with a focus on politics in South East Asia. These attackers have used additional malware families in previous activity dating to at least 2015 that include PlugX, Zupdax, 9002, and Poison Ivy. HenBox apps target devices made by the Chinese consumer electronics manufacturer Xiaomi and those running MIUI, Xiaomi’s operating system based on Google Android. Furthermore, the malicious apps register their intent to process certain events broadcast on compromised devices in order to execute malicious code. This is common practice for many Android apps; however, HenBox sets itself up to trigger based on alerts from Xiaomi smart-home IoT devices and, once activated, proceeds to steal information from a myriad of sources, including many mainstream chat, communication and social media apps. The stolen information includes personal and device information.
Internal MISP references
UUID 72c37e24-4ead-11e8-8f08-db3ec8f8db86 which can be used as unique global reference for HenBox in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
MysteryBot
Cybercriminals are currently developing a new strain of malware targeting Android devices which blends the features of a banking trojan, keylogger, and mobile ransomware.
Internal MISP references
UUID 53e2e7e8-70a8-11e8-b0f8-33fcf651adaf which can be used as unique global reference for MysteryBot in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Skygofree
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – at the end of 2014. Since then, the implant’s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals. We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The activities continue: the most recently observed domain was registered on October 31, 2017. Based on our KSN statistics, there are several infected individuals, exclusively in Italy. Moreover, as we dived deeper into the investigation, we discovered several spyware tools for Windows that form an implant for exfiltrating sensitive data on a targeted machine. The version we found was built at the beginning of 2017, and at the moment we are not sure whether this implant has been used in the wild. We named the malware Skygofree, because we found the word in one of the domains.
Internal MISP references
UUID 3e19d162-9ee1-11e8-b8d7-d32141691f1f which can be used as unique global reference for Skygofree in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
BusyGasper
A new family of spyware for Android grabbed the attention of security researchers through its unusual set of features and their original implementation. Tagged BusyGasper by security experts at Kaspersky, the malware stands out through its ability to monitor the various sensors present on the targeted phone. Based on the motion detection logs, it can recognize the opportune time for running and stopping its activity.
Internal MISP references
UUID 1c8e8070-bfe2-11e8-8c3e-7f31c66687a2 which can be used as unique global reference for BusyGasper in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Triout
Bitdefender says Triout samples they discovered were masquerading in a clone of a legitimate application, but they were unable to discover where this malicious app was being distributed from. The obvious guess would be via third-party Android app stores, or app-sharing forums, popular in some areas of the globe.
Internal MISP references
UUID 08965226-c8a9-11e8-ad82-b3fe44882268 which can be used as unique global reference for Triout in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
AndroidOS_HidenAd
An active adware family (detected by Trend Micro as AndroidOS_HidenAd) disguised as 85 game, TV, and remote control simulator apps on the Google Play store.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular AndroidOS_HidenAd.
| Known Synonyms |
|---|
| AndroidOS_HiddenAd |
Internal MISP references
UUID 64ee0ae8-2e78-43bf-b81b-e7e5c2e30cd0 which can be used as unique global reference for AndroidOS_HidenAd in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Razdel
The banking Trojan found in Google Play is identified as Razdel, a variant of the BankBot mobile banking Trojan. This newly observed variant has taken mobile threats to the next level by incorporating remote access Trojan functions, SMS interception, UI (user interface) overlay with masqueraded pages, etc.
Internal MISP references
UUID aef548fb-76f5-4eb9-9942-f189cb0d16f6 which can be used as unique global reference for Razdel in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Vulture
Vulture is an Android banking trojan found in Google Play by ThreatFabric. It uses screen recording and keylogging as its main strategy to harvest login credentials.
Internal MISP references
UUID 66026639-132f-436e-8348-1219714e9f62 which can be used as unique global reference for Vulture in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Anubis
Starting in June 2018, a number of new malware downloader samples that infect users with BankBot Anubis (aka Go_P00t) were discovered. The campaign features at least 10 malicious downloaders disguised as various applications, all of which fetch mobile banking Trojans that run on Android-based devices. Anubis masquerades as Google Protect.
Internal MISP references
UUID d21ab582-2286-4827-9710-0eb283244ff1 which can be used as unique global reference for Anubis in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
GodFather
The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including banking applications, cryptocurrency wallets, and crypto exchanges. Few people realize that hiding under Godfather’s hood is an old banking Trojan called Anubis, whose functionality has become outdated due to Android updates and the efforts of malware detection and prevention providers. Group-IB first detected Godfather, a mobile banking Trojan that steals the banking and cryptocurrency exchange credentials of users, in June 2021. Almost a year later, in March 2022, researchers at Threat Fabric were the first to mention the banking Trojan publicly. A few months later, in June, the Trojan stopped being circulated. One of the reasons, Group-IB analysts believe, why Godfather was taken out of use was for developers to update the Trojan further. Sure enough, Godfather reappeared in September 2022, now with slightly modified WebSocket functionality.
Internal MISP references
UUID dddfa582-3df3-4832-bffe-c38e70b710ac which can be used as unique global reference for GodFather in MISP communities and other software using the MISP galaxy
External references
Associated metadata
| Metadata key | Value |
|---|---|
Coper
Octo, also known as Coper or ExobotCompact, is an Android banking Trojan that evolved from the Exobot malware family, first observed in 2016. Initially based on the Marcher Trojan, Exobot targeted financial institutions globally until 2018, when a lighter version, ExobotCompact, emerged. By 2021, a new variant appeared, named Coper by some antivirus vendors, but later renamed as Octo — a rebranded and enhanced ExobotCompact. In 2024, Octo2, an even more advanced iteration, was released, driven partly by the leak of Octo’s source code. The Malware-as-a-Service (MaaS) model makes Octo accessible to even novice cybercriminals.
Synonyms
"synonyms" in the meta part typically refer to alternate names or labels that are associated with a particular Coper.
| Known Synonyms |
|---|
| ExobotCompact |
| OCTO |
| Octo2 |
Internal MISP references
UUID 014585c6-39a6-4d72-a90e-dcffcb77ddd3 which can be used as unique global reference for Coper in MISP communities and other software using the MISP galaxy
External references
- https://malpedia.caad.fkie.fraunhofer.de/details/apk.coper
- https://x.com/cleafylabs/status/1833145006585987374
- https://labs.k7computing.com/index.php/play-store-app-serves-coper-via-github/
- https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
- https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html
- https://cert-agid.gov.it/news/analisi-e-approfondimenti-tecnici-sul-malware-coper-utilizzato-per-attaccare-dispositivi-mobili/
- https://cert.pl/posts/2021/12/aktywacja-aplikacji-iko/
- https://blog.cyble.com/2022/03/24/coper-banking-trojan/
- https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
- https://www.trendmicro.com/en_us/research/22/g/examining-new-dawdropper-banking-dropper-and-daas-on-the-dark-we.html
- https://resecurity.com/blog/article/in-the-box-mobile-malware-webinjects-marketplace
- https://www.bleepingcomputer.com/news/security/new-android-banking-malware-remotely-takes-control-of-your-device/
- https://www.team-cymru.com/post/coper-octo-a-conductor-for-mobile-mayhem-with-eight-limbs
- https://twitter.com/icebre4ker/status/1541875982684094465
- https://www.domaintools.com/resources/blog/uncovering-octo2-domains/
- https://news.drweb.com/show/?p=0&lng=en&i=14259&c=0
- https://info.spamhaus.com/hubfs/Botnet%20Reports/Jan-Jun%202024%20Botnet%20Threat%20Update.pdf
- https://any.run/malware-trends/Octo/
Associated metadata
| Metadata key | Value |
|---|---|
ExoBot
An Android banking trojan that went inactive and whose source code leaked.
Internal MISP references
UUID 18291752-7340-4478-8347-63e402429a42 which can be used as unique global reference for ExoBot in MISP communities and other software using the MISP galaxy
External references
- https://malpedia.caad.fkie.fraunhofer.de/details/apk.exobot
- https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
- https://www.bleepingcomputer.com/news/security/exobot-author-calls-it-quits-and-sells-off-banking-trojan-source-code/
- https://securityintelligence.com/ibm-x-force-delves-into-exobots-leaked-source-code/
- https://blog.cyble.com/2022/03/24/coper-banking-trojan/
- https://www.bleepingcomputer.com/news/security/new-exo-android-trojan-sold-on-hacking-forums-dark-web/
- https://www.bleepingcomputer.com/news/security/new-android-banking-malware-remotely-takes-control-of-your-device/
- https://www.bleepingcomputer.com/news/security/source-code-for-exobot-android-banking-trojan-leaked-online/
- https://any.run/malware-trends/Octo/
Associated metadata
| Metadata key | Value |
|---|---|