2018.md
SHA1: c4e13a96b3eb308f88b3d1e16ea65bffcfb39fb0 (mining)
Family: Android.CoinMine
Action: a worm designed to mine the Monero (XMR) cryptocurrency on an infected Android device.
SHA1: 7ed01280dd254b063fecfdbf1da773df7738120a (injects malicious code)
Family: Android.Triada
Action: cybercriminals inject this Trojan into the libandroid_runtime.so system library.
Once injected into this module, the Trojan penetrates other running applications.
In doing so, it gains the ability to carry out various malicious activities without
the user's intervention: it covertly downloads and launches software.

2018/4

Android.DownLoader: distributed as "important plugins"; it then downloads Android.Spy.

2018/8

Android.DownLoader: disguised as a player, financial applications, the official Shell software, and a battery app.

AndroidOS_Clipper: swaps wallet addresses in the clipboard

SHA1: c71a842d93d04524d4df3f306c5d1d6ebc3c3bc7

Action: Using the OnPrimaryClipChangedListener interface, the Trojan registers a listener that tracks changes in the clipboard content and waits for the user to copy the number (address) of one of the targeted digital wallets. Once such a number is found in the clipboard, Android.Clipper.1.origin sends it to the http://fastfrmt.*****.tech command and control server. The malware then reconnects to the server and waits for the cybercriminals' wallet number belonging to the same payment system as the intercepted one, which it writes back to the clipboard in place of the original. The Trojan tracks and replaces wallet numbers of the following payment systems and cryptocurrencies:

  • QIWI
  • WebMoney R
  • WebMoney Z
  • Yandex.Money
  • Bitcoin
  • Monero
  • zCash
  • DOGE
  • DASH
  • Ethereum
  • Blackcoin
  • Litecoin
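The substitution pattern described above (a wallet identifier in the clipboard is replaced by a different identifier of the same payment system, without the user copying anything) is what a clipboard monitor on a device would look for. The following is an added detection example, not code from the original page or from any vendor; it assumes a hypothetical log of primary-clip writes (timestamp, writing package, text) and uses simplified address-shape regexes that are illustrative assumptions rather than full checksum validators.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Simplified address shapes for some of the payment systems named above.
# These regexes are illustrative assumptions, not full address validators.
WALLET_PATTERNS = {
    "Bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})$"),
    "Ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "Monero": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
    "Litecoin": re.compile(r"^[LM][a-km-zA-HJ-NP-Z1-9]{26,33}$"),
    "WebMoney R": re.compile(r"^R\d{12}$"),
    "WebMoney Z": re.compile(r"^Z\d{12}$"),
    "Yandex.Money": re.compile(r"^41001\d{6,11}$"),
}


def classify(text: str) -> Optional[str]:
    """Return the payment system whose address shape matches the text, or None."""
    text = text.strip()
    for system, pattern in WALLET_PATTERNS.items():
        if pattern.match(text):
            return system
    return None


@dataclass
class ClipWrite:
    """One primary-clip write as a clipboard monitor might log it (hypothetical log shape)."""
    ts: float      # seconds since the monitor started
    package: str   # app that set the primary clip
    text: str


def detect_substitutions(writes: List[ClipWrite], window_s: float = 5.0) -> List[dict]:
    """Flag the clipper signature: a wallet id is replaced by a different id of the
    same payment system, by a different app, shortly after the user copied it."""
    alerts = []
    prev: Optional[ClipWrite] = None
    for w in writes:
        kind = classify(w.text)
        if prev is not None and kind is not None and kind == classify(prev.text):
            same_id = w.text.strip() == prev.text.strip()
            if (not same_id and w.package != prev.package
                    and 0 <= w.ts - prev.ts <= window_s):
                alerts.append({
                    "system": kind,
                    "copied_by": prev.package,
                    "replaced_by": w.package,
                    "expected": prev.text,
                    "observed": w.text,
                })
        prev = w
    return alerts


# Constructed sample log: the addresses are synthetic strings shaped like real ones.
BTC_USER = "1" + "A" * 33
BTC_OTHER = "1" + "B" * 33
ETH_USER = "0x" + "ab" * 20
ETH_USER_2 = "0x" + "cd" * 20

SAMPLE_WRITES = [
    ClipWrite(0.0, "com.example.notes", "meeting at 10"),
    ClipWrite(10.0, "com.example.wallet", BTC_USER),
    ClipWrite(10.3, "com.example.suspect", BTC_OTHER),   # same system, new id, other app, 0.3 s later
    ClipWrite(40.0, "com.example.wallet", ETH_USER),
    ClipWrite(95.0, "com.example.wallet", ETH_USER_2),   # same app, far outside the window: user re-copied
]

if __name__ == "__main__":
    for a in detect_substitutions(SAMPLE_WRITES):
        print(f"[ALERT] {a['system']} id set by {a['copied_by']} was replaced by {a['replaced_by']}")
```

The time window and the "different package" condition are what separate a user re-copying a new address from a background rewrite; on real devices the writing package is available to the clipboard service, so the same rule can be applied to genuine clipboard logs. Tune the window to the device's typical copy-to-paste latency and extend WALLET_PATTERNS with the remaining systems from the list above as needed.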

2018/10

Disguised as a VPN client

SHA1: 15962a1dd8f9b52891f9b62461e42541d7c182fe
Family: Android.DownLoader

Fake game

SHA1:
54ae640eae345c9b108ec33026eb03624e9840c8
c6e337f8525e6cea5297f81af3434d9a37d6db15
c8c051a0ef04dad228a020e9a23efa762cd5ecc0
c2719ccef70071b0cffa0c58557c6244c4a7da06
39306af4647badbbd87084ea3695c2ea725e837d
6437914d8f905bc8b9f24a6dee553f86af1f8721
e55b70f9edc7bb9fbdf46fef588d19ff5496312b
75bf69b54ffa399f19eccd705249125cf71c7e7c
8b077a4b8bba70c52ead31c76d8aa79c497b817c
8c15f223d143fd352829b6c29707ff20055d86f9
73c2add5c467a6e9f5722588da6db03ac6e35cb3
0b25c6c1706b46b87afc243366f299280b140503
d8a63e181680ab40644ded9f572e8251e3d13756
f25d0d6aff4ccc765684520bb8fa09388dc9d061

Action: adware Trojans

Multi-component malicious applications (plugin-based)

17814586a220c3c8161bba88207cbb32eb904dd8 (note: CRC could not be output)

80b86b0f07e1136e26d7fa2a32edc2cb350638ae
798c2ac391ff8d566ba01be1dd784d474aef843e
b21179ac556f67500c023375c8f7118d00abd33b
1c87a5646a8416c63a3f46436aad70acdfd2e96b
96e98103f7b9a417c73fab98cc10f86d61677f95
7d98c8d2f069696de96baf5f229ad0cc4adcc864
8ea63ac78e719de757a0368de8a3fcfce3128b53
d6d3a6009e886630e892ded6fa5d984669aa347a
fe874c15147f18bdbac51adefbe6f72aede5ca4c
70d8dc3077f5a793e45522cf36ea0eb6bafe5132
782e68113c59bbd5a9c29aeb89c55fc97a7fdca1
d00104160c1b49eeba096d06c919497aabb2f348
c1fd29723e7f3680abf617b1b303454a6dc4b174
f1e840fc7cc9fe31412e6eec911eadc0724bc77e
d32c71b5dd70e65e5063edc6a748e292e2f30be1
415918324dc12f569d08f2b2bc3541a7f0e89786
7812cc65e892318924ed5047c2343d5285776656
17814586a220c3c8161bba88207cbb32eb904dd8
fc2853bd0148aadb0319a8cc156ba4f44cfccba6
47ff84252d2ab71e2ce3bf5f746a6637991f51fe
f3eccae75e8359748e6cddeacf048b8561b8288e
8d92758f8597a2cb2e4dadbe1fdea26d8def6437
661cdb32d08eba55d4d5201735347b5bbf962ff1
b7da8a34b13181804d7725f461f061536a0b74aa
bdac7863f3de3af3e91ce0082b921043e6dc07ca
f8e84cc7d493bba61b8acd5bb062166f22d05bb4
5454b1a2272811f3efc5c9f6e4c1654459af06a4
ae4b467d8aa9a4866ea70d91c9149b307ea3e4b4

Result

Type

  • CoinMine
  • inject
  • important plugins
  • Player
  • financial applications
  • the official Shell software
  • Battery
  • VPN client
  • Fake game
  • remote code
  • digital wallets
  • collections of recipes
  • manuals
  • voice assistants
  • bookmaker applications