From 6d0952e4ed484ed08f3cda03212f22152fc08f5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Thu, 26 Oct 2017 18:45:05 -0400
Subject: [PATCH] Add android and banker galaxies
---
clusters/android.json | 3748 +++++++++++++++++++++++++++++++++++++++++
clusters/banker.json | 400 +++++
galaxies/android.json | 8 +
galaxies/banker.json | 8 +
4 files changed, 4164 insertions(+)
create mode 100644 clusters/android.json
create mode 100644 clusters/banker.json
create mode 100644 galaxies/android.json
create mode 100644 galaxies/banker.json
diff --git a/clusters/android.json b/clusters/android.json
new file mode 100644
index 0000000..6de1bc3
--- /dev/null
+++ b/clusters/android.json
@@ -0,0 +1,3748 @@
+{
+ "values": [
+ {
+ "value": "CopyCat",
+ "description": "CopyCat is a fully developed malware with vast capabilities, including rooting devices, establishing persistency, and injecting code into Zygote – a daemon responsible for launching apps in the Android operating system – that allows the malware to control any activity on the device.",
+ "meta": {
+ "refs": [
+ "https://blog.checkpoint.com/2017/07/06/how-the-copycat-malware-infected-android-devices-around-the-world/"
+ ]
+ }
+ },
+ {
+ "value": "Andr/Dropr-FH",
+ "description": "Andr/Dropr-FH can silently record audio and video, monitor texts and calls, modify files, and ultimately spawn ransomware.",
+ "meta": {
+ "refs": [
+ "https://nakedsecurity.sophos.com/2017/07/21/watch-out-for-the-android-malware-that-snoops-on-your-phone/",
+ "https://www.neowin.net/news/the-ghostctrl-android-malware-can-silently-record-your-audio-and-steal-sensitive-data"
+ ],
+ "synonyms": [
+ "GhostCtrl"
+ ]
+ }
+ },
+ {
+ "value": "Judy",
+ "description": "The malware, dubbed Judy, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it.",
+ "meta": {
+ "refs": [
+ "http://fortune.com/2017/05/28/android-malware-judy/",
+ "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/"
+ ]
+ }
+ },
+ {
+ "value": "RedAlert2",
+ "description": "The trojan waits in hiding until the user opens a banking or social media app. When this happens, the trojan shows an HTML-based overlay on top of the original app, alerting the user of an error, and asking to reauthenticate. 
Red Alert then collects the user's credentials and sends them to its C&C server.",
+ "meta": {
+ "refs": [
+ "https://www.bleepingcomputer.com/news/security/researchers-discover-new-android-banking-trojan/"
+ ]
+ }
+ },
+ {
+ "value": "DoubleLocker",
+ "description": "DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data requesting a ransom. It will misuse accessibility services after being installed by impersonating the Adobe Flash player - similar to BankBot.",
+ "meta": {
+ "refs": [
+ "https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/"
+ ]
+ }
+ },
+ {
+ "value": "Svpeng",
+ "description": "Svpeng is a Banking trojan which acts as a keylogger. If the Android device is not Russian, Svpeng will ask for permission to use accessibility services. In abusing this service it will gain administrator rights allowing it to draw over other apps, send and receive SMS and take screenshots when keys are pressed. ",
+ "meta": {
+ "refs": [
+ "https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/",
+ "https://www.theregister.co.uk/2017/08/02/banking_android_malware_in_uk/"
+ ],
+ "synonyms": [
+ "Invisble Man"
+ ]
+ }
+ },
+ {
+ "value": "LokiBot",
+ "description": "LokiBot is a banking trojan for Android 4.0 and higher. It can steal the information and send SMS messages. It has the ability to start web browsers, and banking applications, along with showing notifications impersonating other apps. Upon attempt to remove it will encrypt the devices' external storage requiring Bitcoins to decrypt files.",
+ "meta": {
+ "refs": [
+ "https://clientsidedetection.com/lokibot___the_first_hybrid_android_malware.html"
+ ]
+ }
+ },
+ {
+ "value": "BankBot",
+ "description": "The main goal of this malware is to steal banking credentials from the victim’s device. 
It usually impersonates flash player updaters, android system tools, or other legitimate applications.",
+ "meta": {
+ "refs": [
+ "https://blog.fortinet.com/2017/09/19/a-look-into-the-new-strain-of-bankbot",
+ "https://forensics.spreitzenbarth.de/android-malware/"
+ ]
+ }
+ },
+ {
+ "value": "Viking Horde",
+ "description": "In rooted devices, Viking Horde installs software and executes code remotely to get access to the mobile data.",
+ "meta": {
+ "refs": [
+ "http://www.alwayson-network.com/worst-types-android-malware-2016/"
+ ]
+ }
+ },
+ {
+ "value": "HummingBad",
+ "description": "A Chinese advertising company has developed this malware. The malware has the power to take control of devices; it forces users to click advertisements and download apps. The malware uses a multistage attack chain.",
+ "meta": {
+ "refs": [
+ "http://www.alwayson-network.com/worst-types-android-malware-2016/",
+ "http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf"
+ ]
+ }
+ },
+ {
+ "value": "Ackposts",
+ "description": "Ackposts is a Trojan horse for Android devices that steals the Contacts information from the compromised device and sends it to a predetermined location.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-072302-3943-99"
+ ]
+ }
+ },
+ {
+ "value": "Wirex",
+ "description": "Wirex is a Trojan horse for Android devices that opens a backdoor on the compromised device which then joins a botnet for conducting click fraud.",
+ "meta": {
+ "refs": [
+ "https://krebsonsecurity.com/2017/08/tech-firms-team-up-to-take-down-wirex-android-ddos-botnet/",
+ "http://www.zdnet.com/article/wirex-ddos-malware-given-udp-flood-capabilities/"
+ ]
+ }
+ },
+ {
+ "value": "WannaLocker",
+ "description": "WannaLocker is a strain of ransomware for Android devices that encrypts files on the device's external storage and demands a payment to decrypt them.",
+ "meta": {
+ "refs": [
+ "https://fossbytes.com/wannalocker-ransomware-wannacry-android/"
+ ]
+ }
+ },
+ {
+ "value": "Switcher",
+ "description": "Swticher attempts to infiltrate a router's admin interface on the devices' WIFI network by using brute force techniques. If the attack succeeds, Switcher alters the DNS settings of the router, making it possible to reroute DNS queries to a network controlled by the malicious actors.",
+ "meta": {
+ "refs": [
+ "http://www.zdnet.com/article/this-android-infecting-trojan-malware-uses-your-phone-to-attack-your-router/",
+ "https://www.theregister.co.uk/2017/01/03/android_trojan_targets_routers/"
+ ]
+ }
+ },
+ {
+ "value": "Vibleaker",
+ "description": "Vibleaker was an app available on the Google Play Store named Beaver Gang Counter that contained malicious code that after specific orders from its maker would scan the user's phone for the Viber app, and then steal photos and videos recorded or sent through the app.",
+ "meta": {
+ "refs": [
+ "http://news.softpedia.com/news/malicious-android-app-steals-viber-photos-and-videos-505758.shtml"
+ ]
+ }
+ },
+ {
+ "value": "ExpensiveWall",
+ "description": "ExpensiveWall is Android malware that sends fraudulent premium SMS messages and charges users accounts for fake services without their knowledge",
+ "meta": {
+ "refs": [
+ "https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/",
+ "http://fortune.com/2017/09/14/google-play-android-malware/"
+ ]
+ }
+ },
+ {
+ "value": "Cepsohord",
+ "description": "Cepsohord is a Trojan horse for Android devices that uses compromised devices to commit click fraud, modify DNS settings, randomly delete essential files, and download additional malware such as ransomware.",
+ "meta": {
+ "refs": [
+ "https://www.cyber.nj.gov/threat-profiles/android-malware-variants/cepsohord"
+ ]
+ }
+ },
+ {
+ "value": "Fakem Rat",
+ "description": "Fakem RAT makes their network traffic look like well-known protocols (e.g. 
Messenger traffic, HTML pages).",
+ "meta": {
+ "refs": [
+ "https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf",
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2016-012608-1538-99"
+ ]
+ }
+ },
+ {
+ "value": "GM Bot",
+ "description": "GM Bot – also known as Acecard, SlemBunk, or Bankosy – scams people into giving up their banking log-in credentials and other personal data by displaying overlays that look nearly identical to banking apps log-in pages. Subsequently, the malware intercepts SMS to obtain two-factor authentication PINs, giving cybercriminals full access to bank accounts.",
+ "meta": {
+ "refs": [
+ "https://blog.avast.com/android-trojan-gm-bot-is-evolving-and-targeting-more-than-50-banks-worldwide"
+ ],
+ "synonyms": [
+ "Acecard",
+ "SlemBunk",
+ "Bankosy"
+ ]
+ }
+ },
+ {
+ "value": "Moplus",
+ "description": "The Wormhole vulnerability in the Moplus SDK could be exploited by hackers to open an unsecured and unauthenticated HTTP server connection on the user’s device, and this connection is established in the background without the user’s knowledge.",
+ "meta": {
+ "refs": [
+ "http://securityaffairs.co/wordpress/41681/hacking/100m-android-device-baidu-moplus-sdk.html"
+ ]
+ }
+ },
+ {
+ "value": "Adwind",
+ "description": "Adwind is a backdoor written purely in Java that targets system supporting the Java runtime environment. Commands that can be used, among other things, to display messages on the system, open URLs, update the malware, download/execute files, and download/load plugins. 
According to the author, the backdoor component can run on Windows, Mac OS, Linux and Android platforms providing rich capabilities for remote control, data gathering, data exfiltration and lateral movement.", + "meta": { + "refs": [ + "https://securelist.com/adwind-faq/73660/" + ], + "synonyms": [ + "AlienSpy", + "Frutas", + "Unrecom", + "Sockrat", + "Jsocket", + "jRat", + "Backdoor:Java/Adwind" + ] + } + }, + { + "value": "AdSms", + "description": "Adsms is a Trojan horse that may send SMS messages from Android devices.", + "meta": { + "refs": [ + "https://www.fortiguard.com/encyclopedia/virus/7389670", + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-051313-4039-99" + ] + } + }, + { + "value": "Airpush", + "description": "Airpush is a very aggresive Ad - Network", + "meta": { + "refs": [ + "https://crypto.stanford.edu/cs155old/cs155-spring16/lectures/18-mobile-malware.pdf" + ], + "synonyms": [ + "StopSMS" + ] + } + }, + { + "value": "BeanBot", + "description": "BeanBot forwards device's data to a remote server and sends out premium-rate SMS messages from the infected device.", + "meta": { + "refs": [ + "https://www.f-secure.com/v-descs/trojan_android_beanbot.shtml" + ] + } + }, + { + "value": "Kemoge", + "description": "Kemoge is adware that disguises itself as popular apps via repackaging, then allows for a complete takeover of the users Android device.", + "meta": { + "refs": [ + "https://www.fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html", + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-101207-3555-99" + ] + } + }, + { + "value": "Ghost Push", + "description": "Ghost Push is a family of malware that infects the Android OS by automatically gaining root access, downloading malicious software, masquerading as a system app, and then losing root access, which then makes it virtually impossible to remove the infection even by factory reset unless the firmware is reflashed.", + "meta": { + "refs": [ + 
"https://en.wikipedia.org/wiki/Ghost_Push", + "https://blog.avast.com/how-to-protect-your-android-device-from-ghost-push" + ] + } + }, + { + "value": "BeNews", + "description": "The BeNews app is a backdoor app that uses the name of defunct news site BeNews to appear legitimate. After installation it bypasses restrictions and downloads additional threats to the compromised device.", + "meta": { + "refs": [ + "http://blog.trendmicro.com/trendlabs-security-intelligence/fake-news-app-in-hacking-team-dump-designed-to-bypass-google-play/" + ] + } + }, + { + "value": "Accstealer", + "description": "Accstealer is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-012711-1159-99" + ] + } + }, + { + "value": "Acnetdoor", + "description": "Acnetdoor is a detection for Trojan horses on the Android platform that open a back door on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051611-4258-99" + ] + } + }, + { + "value": "Acnetsteal", + "description": "Acnetsteal is a detection for Trojan horses on the Android platform that steal information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051612-0505-99" + ] + } + }, + { + "value": "Actech", + "description": "Actech is a Trojan horse for Android devices that steals information and sends it to a remote location. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-080111-3948-99" + ] + } + }, + { + "value": "AdChina", + "description": "AdChina is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032814-2947-99" + ] + } + }, + { + "value": "Adfonic", + "description": "Adfonic is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052615-0024-99" + ] + } + }, + { + "value": "AdInfo", + "description": "AdInfo is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-2433-99" + ] + } + }, + { + "value": "Adknowledge", + "description": "Adknowledge is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052822-1033-99" + ] + } + }, + { + "value": "AdMarvel", + "description": "AdMarvel is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-060621-2450-99" + ] + } + }, + { + "value": "AdMob", + "description": "AdMob is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052822-3437-99" + ] + } + }, + { + "value": "Adrd", + "description": "Adrd is a Trojan horse that steals information from Android devices. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-021514-4954-99" + ] + } + }, + { + "value": "Aduru", + "description": "Aduru is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052618-2419-99" + ] + } + }, + { + "value": "Adwhirl", + "description": "Adwhirl is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052918-1414-99" + ] + } + }, + { + "value": "Adwlauncher", + "description": "Adwlauncher is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-082308-1823-99" + ] + } + }, + { + "value": "Adwo", + "description": "Adwo is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032814-5806-99" + ] + } + }, + { + "value": "Airad", + "description": "Airad is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032815-1704-99" + ] + } + }, + { + "value": "Alienspy", + "description": "Alienspy is a Trojan horse for Android devices that steals information from the compromised device. It may also download potentially malicious files. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-042714-5942-99" + ] + } + }, + { + "value": "AmazonAds", + "description": "AmazonAds is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052618-5002-99" + ] + } + }, + { + "value": "Answerbot", + "description": "Answerbot is a Trojan horse that opens a back door on Android devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-100711-2129-99" + ] + } + }, + { + "value": "Antammi", + "description": "Antammi is a Trojan horse that steals information from Android devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-032106-5211-99" + ] + } + }, + { + "value": "Apkmore", + "description": "Apkmore is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040113-4813-99" + ] + } + }, + { + "value": "Aplog", + "description": "Aplog is a Trojan horse for Android devices that steals information from the device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-100911-1023-99" + ] + } + }, + { + "value": "Appenda", + "description": "Appenda is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-062812-0516-99" + ] + } + }, + { + "value": "Apperhand", + "description": "Apperhand is an advertisement library that is bundled with certain Android applications. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032815-5637-99" + ] + } + }, + { + "value": "Appleservice", + "description": "Appleservice is a Trojan horse for Android devices that may steal information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031011-4321-99" + ] + } + }, + { + "value": "AppLovin", + "description": "AppLovin is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040112-1739-99" + ] + } + }, + { + "value": "Arspam", + "description": "Arspam is a Trojan horse for Android devices that sends spam SMS messages to contacts on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-121915-3251-99" + ] + } + }, + { + "value": "Aurecord", + "description": "Aurecord is a spyware application for Android devices that allows the device it is installed on to be monitored. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031914-2310-99" + ] + } + }, + { + "value": "Backapp", + "description": "Backapp is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-092708-5017-99" + ] + } + }, + { + "value": "Backdexer", + "description": "Backdexer is a Trojan horse for Android devices that may send premium-rate SMS messages from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-121812-2502-99" + ] + } + }, + { + "value": "Backflash", + "description": "Backflash is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-091714-0427-99" + ] + } + }, + { + "value": "Backscript", + "description": "Backscript is a Trojan horse for Android devices that downloads files onto the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-090704-3639-99" + ] + } + }, + { + "value": "Badaccents", + "description": "Badaccents is a Trojan horse for Android devices that may download apps on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-123015-3618-99" + ] + } + }, + { + "value": "Badpush", + "description": "Badpush is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040311-4133-99" + ] + } + }, + { + "value": "Ballonpop", + "description": "Ballonpop is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-120911-1731-99" + ] + } + }, + { + "value": "Bankosy", + "description": "Bankosy is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99" + ] + } + }, + { + "value": "Bankun", + "description": "Bankun is a Trojan horse for Android devices that replaces certain banking applications on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-072318-4143-99" + ] + } + }, + { + "value": "Basebridge", + "description": "Basebridge is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-060915-4938-99" + ] + } + }, + { + "value": "Basedao", + "description": "Basedao is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-061715-3303-99" + ] + } + }, + { + "value": "Batterydoctor", + "description": "Batterydoctor is Trojan that makes exaggerated claims about the device's ability to recharge the battery, as well as steal information. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-101916-0847-99" + ] + } + }, + { + "value": "Beaglespy", + "description": "Beaglespy is an Android mobile detection for the Beagle spyware program as well as its associated client application.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-091010-0627-99" + ] + } + }, + { + "value": "Becuro", + "description": "Becuro is a Trojan horse for Android devices that downloads potentially malicious files onto the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-051410-3348-99" + ] + } + }, + { + "value": "Beita", + "description": "Beita is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-110111-1829-99" + ] + } + }, + { + "value": "Bgserv", + "description": "Bgserv is a Trojan that opens a back door and transmits information from the device to a remote location. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-031005-2918-99" + ] + } + }, + { + "value": "Biigespy", + "description": "Biigespy is an Android mobile detection for the Biige spyware program as well as its associated client application. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-091012-0526-99" + ] + } + }, + { + "value": "Bmaster", + "description": "Bmaster is a Trojan horse on the Android platform that opens a back door, downloads files and steals potentially confidential information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-020609-3003-99" + ] + } + }, + { + "value": "Bossefiv", + "description": "Bossefiv is a Trojan horse for Android devices that steals information. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-061520-4322-99" + ] + } + }, + { + "value": "Boxpush", + "description": "Boxpush is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040207-4613-99" + ] + } + }, + { + "value": "Burstly", + "description": "Burstly is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052918-1443-99" + ] + } + }, + { + "value": "Buzzcity", + "description": "Buzzcity is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052918-1454-99" + ] + } + }, + { + "value": "ByPush", + "description": "ByPush is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040315-4708-99" + ] + } + }, + { + "value": "Cajino", + "description": "Cajino is a Trojan horse for Android devices that opens a back door on the compromised device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-040210-3746-99" + ] + } + }, + { + "value": "Casee", + "description": "Casee is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052919-3501-99" + ] + } + }, + { + "value": "Catchtoken", + "description": "Catchtoken is a Trojan horse for Android devices that intercepts SMS messages and opens a back door on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-121619-0548-99" + ] + } + }, + { + "value": "Cauly", + "description": "Cauly is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052919-3454-99" + ] + } + }, + { + "value": "Cellshark", + "description": "Cellshark is a spyware application for Android devices that periodically gathers information from the device and uploads it to a predetermined location.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-111611-0914-99" + ] + } + }, + { + "value": "Centero", + "description": "Centero is a Trojan horse for Android devices that displays advertisements on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-053006-2502-99" + ] + } + }, + { + "value": "Chuli", + "description": "Chuli is a Trojan horse for Android devices that opens a back door and may steal information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-032617-1604-99" + ] + } + }, + { + "value": "Citmo", + "description": "Citmo is a Trojan horse for Android devices that steals information from the compromised device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030715-5012-99" + ] + } + }, + { + "value": "Claco", + "description": "Claco is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-020415-5600-99" + ] + } + }, + { + "value": "Clevernet", + "description": "Clevernet is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040107-5257-99" + ] + } + }, + { + "value": "Cnappbox", + "description": "Cnappbox is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040215-1141-99" + ] + } + }, + { + "value": "Cobblerone", + "description": "Cobblerone is a spyware application for Android devices that can track the phone's location and remotely erase the device.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-111514-3846-99" + ] + } + }, + { + "value": "Coolpaperleak", + "description": "Coolpaperleak is a Trojan horse for Android devices that steals information and sends it to a remote location. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-080211-5757-99" + ] + } + }, + { + "value": "Coolreaper", + "description": "Coolreaper is a Trojan horse for Android devices that opens a back door on the compromised device. It may also steal information and download potentially malicious files. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-011220-3211-99" + ] + } + }, + { + "value": "Cosha", + "description": "Cosha is a spyware program for Android devices that monitors and sends certain information to a remote location.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-081712-5231-99" + ] + } + }, + { + "value": "Counterclank", + "description": "Counterclank is a Trojan horse for Android devices that steals information. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-012709-4046-99" + ] + } + }, + { + "value": "Crazymedia", + "description": "Crazymedia is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040312-2547-99" + ] + } + }, + { + "value": "Crisis", + "description": "Crisis is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-071409-0636-99" + ] + } + }, + { + "value": "Crusewind", + "description": "Crusewind is a Trojan horse for Android devices that sends SMS messages to a premium-rate number. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-070301-5702-99" + ] + } + }, + { + "value": "Dandro", + "description": "Dandro is a Trojan horse for Android devices that allows a remote attacker to gain control over the device and steal information from it. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-012916-2128-99" + ] + } + }, + { + "value": "Daoyoudao", + "description": "Daoyoudao is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040214-5018-99" + ] + } + }, + { + "value": "Deathring", + "description": "Deathring is a Trojan horse for Android devices that may perform malicious activities on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-121116-4547-99" + ] + } + }, + { + "value": "Deeveemap", + "description": "Deeveemap is a Trojan horse for Android devices that downloads potentially malicious files onto the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2017-060907-5221-99" + ] + } + }, + { + "value": "Dendoroid", + "description": "Dendoroid is a Trojan horse for Android devices that opens a back door, steals information, and may perform other malicious activities on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030418-2633-99" + ] + } + }, + { + "value": "Dengaru", + "description": "Dengaru is a Trojan horse for Android devices that performs click-fraud from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-051113-4819-99"
+ ]
+ }
+ },
+ {
+ "value": "Diandong",
+ "description": "Diandong is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040207-2453-99"
+ ]
+ }
+ },
+ {
+ "value": "Dianjin",
+ "description": "Dianjin is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040107-0313-99"
+ ]
+ }
+ },
+ {
+ "value": "Dogowar",
+ "description": "Dogowar is a Trojan horse on the Android platform that sends SMS texts to all contacts on the device. It is a repackaged version of a game application called Dog Wars, which can be downloaded from a third party market and must be manually installed. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-081510-4323-99"
+ ]
+ }
+ },
+ {
+ "value": "Domob",
+ "description": "Domob is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-4235-99"
+ ]
+ }
+ },
+ {
+ "value": "Dougalek",
+ "description": "Dougalek is a Trojan horse for Android devices that steals information from the compromised device. The threat is typically disguised to display a video. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-041601-3400-99"
+ ]
+ }
+ },
+ {
+ "value": "Dowgin",
+ "description": "Dowgin is an advertisement library that is bundled with certain Android applications. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-033108-4723-99"
+ ]
+ }
+ },
+ {
+ "value": "Droidsheep",
+ "description": "Droidsheep is a hacktool for Android devices that hijacks social networking accounts on compromised devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031014-3628-99"
+ ]
+ }
+ },
+ {
+ "value": "Dropdialer",
+ "description": "Dropdialer is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-070909-0726-99"
+ ]
+ }
+ },
+ {
+ "value": "Dupvert",
+ "description": "Dupvert is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. It may also perform other malicious activities. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-072313-1959-99"
+ ]
+ }
+ },
+ {
+ "value": "Dynamicit",
+ "description": "Dynamicit is an advertisement library that is bundled with certain Android applications. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040407-1346-99"
+ ]
+ }
+ },
+ {
+ "value": "Ecardgrabber",
+ "description": "Ecardgrabber is an application that attempts to read details from NFC enabled credit cards. It attempts to read information from NFC enabled credit cards that are in close proximity.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-062215-0939-99"
+ ]
+ }
+ },
+ {
+ "value": "Ecobatry",
+ "description": "Ecobatry is a Trojan horse for Android devices that steals information and sends it to a remote location. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-080606-4102-99"
+ ]
+ }
+ },
+ {
+ "value": "Enesoluty",
+ "description": "Enesoluty is a Trojan horse for Android devices that steals information and sends it to a remote location. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-090607-0807-99"
+ ]
+ }
+ },
+ {
+ "value": "Everbadge",
+ "description": "Everbadge is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-3736-99"
+ ]
+ }
+ },
+ {
+ "value": "Ewalls",
+ "description": "Ewalls is a Trojan horse for the Android operating system that steals information from the mobile device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2010-073014-0854-99"
+ ]
+ }
+ },
+ {
+ "value": "Exprespam",
+ "description": "Exprespam is a Trojan horse for Android devices that displays a fake message and steals personal information stored on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-010705-2324-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakealbums",
+ "description": "Fakealbums is a Trojan horse for Android devices that monitors and forwards received messages from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-071819-0636-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakeangry",
+ "description": "Fakeangry is a Trojan horse on the Android platform that opens a back door, downloads files, and steals potentially confidential information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-022823-4233-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakeapp",
+ "description": "Fakeapp is a Trojan horse for Android devices that downloads configuration files to display advertisements and collects information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-022805-4318-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakebanco",
+ "description": "Fakebanco is a Trojan horse for Android devices that redirects users to a phishing page in order to steal their information. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-112109-5329-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakebank",
+ "description": "Fakebank is a Trojan horse that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-071813-2448-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakebank.B",
+ "description": "Fakebank.B is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-101114-5645-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakebok",
+ "description": "Fakebok is a Trojan horse for Android devices that sends SMS messages to premium phone numbers. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-021115-5153-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakedaum",
+ "description": "Fakedaum is a Trojan horse for Android devices that steals information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-061813-3630-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakedefender",
+ "description": "Fakedefender is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to purchase an app in order to remove non-existent malware or security risks from the device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-060301-4418-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakedefender.B",
+ "description": "Fakedefender.B is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to purchase an app in order to remove non-existent malware or security risks from the device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-091013-3953-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakedown",
+ "description": "Fakedown is a Trojan horse for Android devices that downloads more malicious apps onto the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-041803-5918-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakeflash",
+ "description": "Fakeflash is a Trojan horse for Android devices that installs a fake Flash application in order to direct users to a website. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-070318-2122-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakegame",
+ "description": "Fakegame is a Trojan horse for Android devices that displays advertisements and steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-040808-2922-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakeguard",
+ "description": "Fakeguard is a Trojan horse for Android devices that steals information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-102908-3526-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakejob",
+ "description": "Fakejob is a Trojan horse for Android devices that redirects users to scam websites. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030721-3048-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakekakao",
+ "description": "Fakekakao is a Trojan horse for Android devices sends SMS messages to contacts stored on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-071617-2031-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakelemon",
+ "description": "Fakelemon is a Trojan horse for Android devices that blocks certain SMS messages and may subscribe to services without the user's consent. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-120609-3608-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakelicense",
+ "description": "Fakelicense is a Trojan horse that displays advertisements on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-062709-1437-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakelogin",
+ "description": "Fakelogin is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-102108-5457-99"
+ ]
+ }
+ },
+ {
+ "value": "FakeLookout",
+ "description": "FakeLookout is a Trojan horse for Android devices that opens a back door and steals information on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-101919-2128-99"
+ ]
+ }
+ },
+ {
+ "value": "FakeMart",
+ "description": "FakeMart is a Trojan horse for Android devices that may send SMS messages to premium rate numbers. 
It may also block incoming messages and steal information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-081217-1428-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakemini",
+ "description": "Fakemini is a Trojan horse for Android devices that disguises itself as an installation for the Opera Mini browser and sends premium-rate SMS messages to a predetermined number. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-110410-5958-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakemrat",
+ "description": "Fakemrat is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2016-012608-1538-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakeneflic",
+ "description": "Fakeneflic is a Trojan horse that steals information from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-101105-0518-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakenotify",
+ "description": "Fakenotify is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers, collects and sends information, and periodically displays Web pages. It also downloads legitimate apps onto the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-011302-3052-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakepatch",
+ "description": "Fakepatch is a Trojan horse for Android devices that downloads more files on to the device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-062811-2820-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakeplay",
+ "description": "Fakeplay is a Trojan horse for Android devices that steals information from the compromised device and sends it to a predetermined email address. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-100917-3825-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakescarav",
+ "description": "Fakescarav is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to pay in order to remove non-existent malware or security risks from the device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-012809-1901-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakesecsuit",
+ "description": "Fakesecsuit is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-060514-1301-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakesucon",
+ "description": "Fakesucon is a Trojan horse program for Android devices that sends SMS messages to premium-rate phone numbers. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-120915-2524-99"
+ ]
+ }
+ },
+ {
+ "value": "Faketaobao",
+ "description": "Faketaobao is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-062518-4057-99"
+ ]
+ }
+ },
+ {
+ "value": "Faketaobao.B",
+ "description": "Faketaobao.B is a Trojan horse for Android devices that intercepts and and sends incoming SMS messages to a remote attacker. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-012106-4013-99"
+ ]
+ }
+ },
+ {
+ "value": "Faketoken",
+ "description": "Faketoken is a Trojan horse that opens a back door on the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-032211-2048-99",
+ "http://bgr.com/2017/08/18/android-malware-faketoken-steal-credit-card-info/"
+ ]
+ }
+ },
+ {
+ "value": "Fakeupdate",
+ "description": "Fakeupdate is a Trojan horse for Android devices that downloads other applications onto the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-081914-5637-99"
+ ]
+ }
+ },
+ {
+ "value": "Fakevoice",
+ "description": "Fakevoice is a Trojan horse for Android devices that dials a premium-rate phone number. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-040510-3249-99"
+ ]
+ }
+ },
+ {
+ "value": "Farmbaby",
+ "description": "Farmbaby is a spyware application for Android devices that logs certain information and sends SMS messages to a predetermined phone number.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-090715-3641-99"
+ ]
+ }
+ },
+ {
+ "value": "Fauxtocopy",
+ "description": "Fauxtocopy is a spyware application for Android devices that gathers photos from the device and sends them to a predetermined email address.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-111515-3940-99"
+ ]
+ }
+ },
+ {
+ "value": "Feiwo",
+ "description": "Feiwo is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040107-4038-99"
+ ]
+ }
+ },
+ {
+ "value": "FindAndCall",
+ "description": "FindAndCall is a Potentially Unwanted Application for Android devices that may leak information.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031020-2906-99"
+ ]
+ }
+ },
+ {
+ "value": "Finfish",
+ "description": "Finfish is a Trojan horse for Android devices that opens a back 
door and steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-083016-0032-99"
+ ]
+ }
+ },
+ {
+ "value": "Fireleaker",
+ "description": "Fireleaker is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031814-5207-99"
+ ]
+ }
+ },
+ {
+ "value": "Fitikser",
+ "description": "Fitikser is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-093015-2830-99"
+ ]
+ }
+ },
+ {
+ "value": "Flexispy",
+ "description": "Flexispy is a Spyware application for Android devices that logs the device's activity and sends it to a predetermined website. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-122006-4805-99"
+ ]
+ }
+ },
+ {
+ "value": "Fokonge",
+ "description": "Fokonge is a Trojan horse that steals information from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-071802-0727-99"
+ ]
+ }
+ },
+ {
+ "value": "FoncySMS",
+ "description": "FoncySMS is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers. It may also connect to an IRC server and execute any received shell commands. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-011502-2651-99"
+ ]
+ }
+ },
+ {
+ "value": "Frogonal",
+ "description": "Frogonal is a Trojan horse for Android devices that steals information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-062205-2312-99"
+ ]
+ }
+ },
+ {
+ "value": "Ftad",
+ "description": "Ftad is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040114-2020-99"
+ ]
+ }
+ },
+ {
+ "value": "Funtasy",
+ "description": "Funtasy is a Trojan horse for Android devices that subscribes the user to premium SMS services. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-092519-5811-99"
+ ]
+ }
+ },
+ {
+ "value": "GallMe",
+ "description": "GallMe is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040312-1336-99"
+ ]
+ }
+ },
+ {
+ "value": "Gamex",
+ "description": "Gamex is a Trojan horse for Android devices that downloads further threats. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-051015-1808-99"
+ ]
+ }
+ },
+ {
+ "value": "Gappusin",
+ "description": "Gappusin is a Trojan horse for Android devices that downloads applications and disguises them as system updates. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-022007-2013-99"
+ ]
+ }
+ },
+ {
+ "value": "Gazon",
+ "description": "Gazon is a worm for Android devices that spreads through SMS messages. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-030320-1436-99"
+ ]
+ }
+ },
+ {
+ "value": "Geinimi",
+ "description": "Geinimi is a Trojan that opens a back door and transmits information from the device to a remote location. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-010111-5403-99"
+ ]
+ }
+ },
+ {
+ "value": "Generisk",
+ "description": "Generisk is a generic detection for Android applications that may pose a privacy, security, or stability risk to the user or user's Android device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-062622-1559-99"
+ ]
+ }
+ },
+ {
+ "value": "Genheur",
+ "description": "Genheur is a generic detection for many individual but varied Trojans for Android devices for which specific definitions have not been created. A generic detection is used because it protects against many Trojans that share similar characteristics. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032613-0848-99"
+ ]
+ }
+ },
+ {
+ "value": "Genpush",
+ "description": "Genpush is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-033109-0426-99"
+ ]
+ }
+ },
+ {
+ "value": "GeoFake",
+ "description": "GeoFake is a Trojan horse for Android devices that sends SMS messages to premium-rate numbers. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-040217-3232-99"
+ ]
+ }
+ },
+ {
+ "value": "Geplook",
+ "description": "Geplook is a Trojan horse for Android devices that downloads additional apps onto the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-121814-0917-99"
+ ]
+ }
+ },
+ {
+ "value": "Getadpush",
+ "description": "Getadpush is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040112-0957-99"
+ ]
+ }
+ },
+ {
+ "value": "Ggtracker",
+ "description": "Ggtracker is a Trojan horse for Android devices that sends SMS messages to a premium-rate number. It may also steal information from the device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-062208-5013-99"
+ ]
+ }
+ },
+ {
+ "value": "Ghostpush",
+ "description": "Ghostpush is a Trojan horse for Android devices that roots the compromised device. It may then perform malicious activities on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-100215-3718-99"
+ ]
+ }
+ },
+ {
+ "value": "Gmaster",
+ "description": "Gmaster is a Trojan horse on the Android platform that steals potentially confidential information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-082404-5049-99"
+ ]
+ }
+ },
+ {
+ "value": "Godwon",
+ "description": "Godwon is a Trojan horse for Android devices that steals information. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-091017-1833-99"
+ ]
+ }
+ },
+ {
+ "value": "Golddream",
+ "description": "Golddream is a Trojan horse that steals information from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-070608-4139-99"
+ ]
+ }
+ },
+ {
+ "value": "Goldeneagle",
+ "description": "Goldeneagle is a Trojan horse that steals information from Android devices. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-090110-3712-99"
+ ]
+ }
+ },
+ {
+ "value": "Golocker",
+ "description": "Golocker is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-062003-3214-99"
+ ]
+ }
+ },
+ {
+ "value": "Gomal",
+ "description": "Gomal is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-101312-1047-99"
+ ]
+ }
+ },
+ {
+ "value": "Gonesixty",
+ "description": "Gonesixty is a Trojan horse that steals information from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-093001-2649-99"
+ ]
+ }
+ },
+ {
+ "value": "Gonfu",
+ "description": "Gonfu is a Trojan horse that steals information from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-060610-3953-99"
+ ]
+ }
+ },
+ {
+ "value": "Gonfu.B",
+ "description": "Gonfu.B is a Trojan horse that steals information from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-030811-5215-99"
+ ]
+ }
+ },
+ {
+ "value": "Gonfu.C",
+ "description": "Gonfu.C is a Trojan horse for Android devices that may download additional threats on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031817-3639-99"
+ ]
+ }
+ },
+ {
+ "value": "Gonfu.D",
+ "description": "Gonfu.D is a Trojan horse that opens a back door on Android devices. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-040414-1158-99"
+ ]
+ }
+ },
+ {
+ "value": "Gooboot",
+ "description": "Gooboot is a Trojan horse for Android devices that may send text messages to premium rate numbers. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031818-3034-99"
+ ]
+ }
+ },
+ {
+ "value": "Goodadpush",
+ "description": "Goodadpush is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040108-0913-99"
+ ]
+ }
+ },
+ {
+ "value": "Greystripe",
+ "description": "Greystripe is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052919-2643-99"
+ ]
+ }
+ },
+ {
+ "value": "Gugespy",
+ "description": "Gugespy is a spyware program for Android devices that logs the device's activity and sends it to a predetermined email address.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-071822-2515-99"
+ ]
+ }
+ },
+ {
+ "value": "Gugespy.B",
+ "description": "Gugespy.B is a spyware program for Android devices that monitors and sends certain information to a remote location.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-070511-5038-99"
+ ]
+ }
+ },
+ {
+ "value": "Gupno",
+ "description": "Gupno is a Trojan horse for Android devices that poses as a legitimate app and attempts to charge users for features that are normally free. It may also display advertisements on the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-072211-5533-99"
+ ]
+ }
+ },
+ {
+ "value": "Habey",
+ "description": "Habey is a Trojan horse for Android devices that may attempt to delete files and send SMS messages from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-100608-4512-99"
+ ]
+ }
+ },
+ {
+ "value": "Handyclient",
+ "description": "Handyclient is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040307-5027-99"
+ ]
+ }
+ },
+ {
+ "value": "Hehe",
+ "description": "Hehe is a Trojan horse for Android devices that blocks incoming calls and SMS messages from specific numbers. The Trojan also steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-012211-0020-99"
+ ]
+ }
+ },
+ {
+ "value": "Hesperbot",
+ "description": "Hesperbot is a Trojan horse for Android devices that opens a back door on the compromised device and may steal information. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-121010-1120-99"
+ ]
+ }
+ },
+ {
+ "value": "Hippo",
+ "description": "Hippo is a Trojan horse that sends SMS messages to premium-rate phone numbers. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-071215-3547-99"
+ ]
+ }
+ },
+ {
+ "value": "Hippo.B",
+ "description": "Hippo.B is a Trojan horse that sends SMS messages to premium-rate phone numbers. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031915-0151-99"
+ ]
+ }
+ },
+ {
+ "value": "IadPush",
+ "description": "IadPush is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040315-4104-99"
+ ]
+ }
+ },
+ {
+ "value": "iBanking",
+ "description": "iBanking is a Trojan horse for Android devices that opens a back door on the compromised device and may steal information. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030713-0559-99"
+ ]
+ }
+ },
+ {
+ "value": "Iconosis",
+ "description": "Iconosis is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-062107-3327-99"
+ ]
+ }
+ },
+ {
+ "value": "Iconosys",
+ "description": "Iconosys is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-081309-0341-99"
+ ]
+ }
+ },
+ {
+ "value": "Igexin",
+ "description": "Igexin is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-032606-5519-99"
+ ]
+ }
+ },
+ {
+ "value": "ImAdPush",
+ "description": "ImAdPush is an advertisement library that is bundled with certain Android applications. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040323-0218-99"
+ ]
+ }
+ },
+ {
+ "value": "InMobi",
+ "description": "InMobi is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052713-1527-99"
+ ]
+ }
+ },
+ {
+ "value": "Jifake",
+ "description": "Jifake is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-073021-4247-99"
+ ]
+ }
+ },
+ {
+ "value": "Jollyserv",
+ "description": "Jollyserv is a Trojan horse for Android devices that sends SMS messages and steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-090311-4533-99"
+ ]
+ }
+ },
+ {
+ "value": "Jsmshider",
+ "description": "Jsmshider is a Trojan horse that opens a back door on Android devices. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-062114-0857-99"
+ ]
+ }
+ },
+ {
+ "value": "Ju6",
+ "description": "Ju6 is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-2428-99"
+ ]
+ }
+ },
+ {
+ "value": "Jumptap",
+ "description": "Jumptap is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052713-0859-99"
+ ]
+ }
+ },
+ {
+ "value": "Jzmob",
+ "description": "Jzmob is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040207-1703-99"
+ ]
+ }
+ },
+ {
+ "value": "Kabstamper",
+ "description": "Kabstamper is a Trojan horse for Android devices that corrupts images found on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-060706-2305-99"
+ ]
+ }
+ },
+ {
+ "value": "Kidlogger",
+ "description": "Kidlogger is a Spyware application for Android devices that logs the device's activity and sends it to a predetermined website.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-122014-1927-99"
+ ]
+ }
+ },
+ {
+ "value": "Kielog",
+ "description": "Kielog is a Trojan horse for Android devices that logs keystrokes and sends the stolen information to the remote attacker. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-040205-4035-99"
+ ]
+ }
+ },
+ {
+ "value": "Kituri",
+ "description": "Kituri is a Trojan horse for Android devices that blocks certain SMS messages from being received by the device. It may also send SMS messages to a premium-rate number. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-061111-5350-99" + ] + } + }, + { + "value": "Kranxpay", + "description": "Kranxpay is a Trojan horse for Android devices that downloads other apps onto the device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-071009-0809-99" + ] + } + }, + { + "value": "Krysanec", + "description": "Krysanec is a Trojan horse for Android devices that opens a back door on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-090113-4128-99" + ] + } + }, + { + "value": "Kuaidian360", + "description": "Kuaidian360 is an advertisement library that is bundled with certain Android applications. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040109-2415-99" + ] + } + }, + { + "value": "Kuguo", + "description": "Kuguo is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040315-5215-99" + ] + } + }, + { + "value": "Lastacloud", + "description": "Lastacloud is a Trojan horse for Android devices that steals information from the compromised device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-121216-4334-99" + ] + } + }, + { + "value": "Laucassspy", + "description": "Laucassspy is a spyware program for Android devices that steals information and sends it to a remote location.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-092409-1822-99" + ] + } + }, + { + "value": "Lifemonspy", + "description": "Lifemonspy is a spyware application for Android devices that can track the phone's location, download SMS messages, and erase certain data from the device.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-111516-5540-99" + ] + } + }, + { + "value": "Lightdd", + "description": "Lightdd is a Trojan horse that steals information from Android devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-053114-2342-99" + ] + } + }, + { + "value": "Loaderpush", + "description": "Loaderpush is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040108-0244-99" + ] + } + }, + { + "value": "Locaspy", + "description": "Locaspy is a Potentially Unwanted Application for Android devices that tracks the location of the compromised device.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030720-3500-99" + ] + } + }, + { + "value": "Lockdroid.E", + "description": "Lockdroid.E is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-103005-2209-99" + ] + } + }, + { + "value": "Lockdroid.F", + "description": "Lockdroid.F is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-102215-4346-99" + ] + } + }, + { + "value": "Lockdroid.G", + "description": "Lockdroid.G is a Trojan horse for Android devices that may display a ransom demand on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-050610-2450-99" + ] + } + }, + { + "value": "Lockdroid.H", + "description": "Lockdroid.H is a Trojan horse for Android devices that locks the screen and displays a ransom demand on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2016-031621-1349-99" + ] + } + }, + { + "value": "Lockscreen", + "description": "Lockscreen is a Trojan horse for Android devices that locks the compromised device from use. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-032409-0743-99" + ] + } + }, + { + "value": "LogiaAd", + "description": "LogiaAd is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052713-0348-99" + ] + } + }, + { + "value": "Loicdos", + "description": "Loicdos is an Android application that provides an interface to a website in order to perform a denial of service (DoS) attack against a computer. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-022002-2431-99" + ] + } + }, + { + "value": "Loozfon", + "description": "Loozfon is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-082005-5451-99" + ] + } + }, + { + "value": "Lotoor", + "description": "Lotoor is a generic detection for hack tools that exploit vulnerabilities in order to gain root privileges on compromised Android devices. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-091922-4449-99" + ] + } + }, + { + "value": "Lovespy", + "description": "Lovespy is a Trojan horse for Android devices that steals information from the device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-071814-3805-99" + ] + } + }, + { + "value": "Lovetrap", + "description": "Lovetrap is a Trojan horse that sends SMS messages to premium-rate phone numbers. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-072806-2905-99" + ] + } + }, + { + "value": "Luckycat", + "description": "Luckycat is a Trojan horse for Android devices that opens a back door and steals information on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-080617-5343-99" + ] + } + }, + { + "value": "Machinleak", + "description": "Machinleak is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-120311-2440-99" + ] + } + }, + { + "value": "Maistealer", + "description": "Maistealer is a Trojan that steals information from Android devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-072411-4350-99" + ] + } + }, + { + "value": "Malapp", + "description": "Malapp is a generic detection for many individual but varied threats on Android devices that share similar characteristics. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-073014-3354-99" + ] + } + }, + { + "value": "Malebook", + "description": "Malebook is a Trojan horse for Android devices that steals information from the compromised device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-071206-3403-99" + ] + } + }, + { + "value": "Malhome", + "description": "Malhome is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-071118-0441-99" + ] + } + }, + { + "value": "Malminer", + "description": "Malminer is a Trojan horse for Android devices that mines cryptocurrencies on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032712-3709-99" + ] + } + }, + { + "value": "Mania", + "description": "Mania is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-070623-1520-99" + ] + } + }, + { + "value": "Maxit", + "description": "Maxit is a Trojan horse for Android devices that opens a back door on the compromised device. It also steals certain information and uploads it to a remote location. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-120411-2511-99" + ] + } + }, + { + "value": "MdotM", + "description": "MdotM is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052712-5824-99" + ] + } + }, + { + "value": "Medialets", + "description": "Medialets is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052712-5222-99" + ] + } + }, + { + "value": "Meshidden", + "description": "Meshidden is a spyware application for Android devices that allows the device it is installed on to be monitored.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031913-5257-99" + ] + } + }, + { + "value": "Mesploit", + "description": "Mesploit is a tool for Android devices used to create applications that exploit the Android Fake ID vulnerability.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-032014-2847-99" + ] + } + }, + { + "value": "Mesprank", + "description": "Mesprank is a Trojan horse for Android devices that opens a back door on the compromised device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030717-1933-99" + ] + } + }, + { + "value": "Meswatcherbox", + "description": "Meswatcherbox is a spyware application for Android devices that forwards SMS messages without the user knowing.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-111612-2736-99" + ] + } + }, + { + "value": "Miji", + "description": "Miji is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032815-4720-99" + ] + } + }, + { + "value": "Milipnot", + "description": "Milipnot is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-070414-0941-99" + ] + } + }, + { + "value": "MillennialMedia", + "description": "MillennialMedia is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052712-4602-99" + ] + } + }, + { + "value": "Mitcad", + "description": "Mitcad is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040212-0528-99" + ] + } + }, + { + "value": "MobClix", + "description": "MobClix is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052712-4011-99" + ] + } + }, + { + "value": "MobFox", + "description": "MobFox is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052712-3050-99" + ] + } + }, + { + "value": "Mobidisplay", + 
"description": "Mobidisplay is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040312-0435-99" + ] + } + }, + { + "value": "Mobigapp", + "description": "Mobigapp is a Trojan horse for Android devices that downloads applications disguised as system updates. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-062520-5802-99" + ] + } + }, + { + "value": "MobileBackup", + "description": "MobileBackup is a spyware application for Android devices that monitors the affected device.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031020-0040-99" + ] + } + }, + { + "value": "Mobilespy", + "description": "Mobilespy is a Trojan horse that steals information from Android devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-071512-0653-99" + ] + } + }, + { + "value": "Mobiletx", + "description": "Mobiletx is a Trojan horse for Android devices that steals information from the compromised device. It may also send SMS messages to a premium-rate number. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-052807-4439-99" + ] + } + }, + { + "value": "Mobinaspy", + "description": "Mobinaspy is a spyware application for Android devices that can track the device's location.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-111516-0511-99" + ] + } + }, + { + "value": "Mobus", + "description": "Mobus is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-2006-99" + ] + } + }, + { + "value": "MobWin", + "description": "MobWin is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-1522-99" + ] + } + }, + { + "value": "Mocore", + "description": "Mocore is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-092112-4603-99" + ] + } + }, + { + "value": "Moghava", + "description": "Moghava is a Trojan horse for Android devices that modifies images that are stored on the device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-022712-2822-99" + ] + } + }, + { + "value": "Momark", + "description": "Momark is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040113-5529-99" + ] + } + }, + { + "value": "Monitorello", + "description": "Monitorello is a spyware application for Android devices that allows the device it is installed on to be monitored.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031914-4737-99" + ] + } + }, + { + "value": "Moolah", + "description": "Moolah is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-1007-99" + ] + } + }, + { + "value": "MoPub", + "description": "MoPub is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052712-2456-99" + ] + } + }, + { + "value": "Morepaks", + "description": "Morepaks is a Trojan horse for Android devices that downloads remote files and may display advertisements on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-071204-1130-99" + ] + } + }, + { + "value": "Nandrobox", + "description": "Nandrobox is a Trojan horse for Android devices that steals information from the compromised device. It also deletes certain SMS messages from the device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-070212-2132-99" + ] + } + }, + { + "value": "Netisend", + "description": "Netisend is a Trojan horse that steals information from Android devices. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-080207-1139-99" + ] + } + }, + { + "value": "Nickispy", + "description": "Nickispy is a Trojan horse that steals information from Android devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-072714-3613-99" + ] + } + }, + { + "value": "Notcompatible", + "description": "Notcompatible is a Trojan horse for Android devices that acts as a proxy. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-050307-2712-99" + ] + } + }, + { + "value": "Nuhaz", + "description": "Nuhaz is a Trojan horse for Android devices that may intercept text messages on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031814-3416-99" + ] + } + }, + { + "value": "Nyearleaker", + "description": "Nyearleaker is a Trojan horse program for Android devices that steals information. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-010514-0844-99" + ] + } + }, + { + "value": "Obad", + "description": "Obad is a Trojan horse for Android devices that opens a back door, steals information, and downloads files. It also sends SMS messages to premium-rate numbers and spreads malware to Bluetooth-enabled devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-060411-4146-99" + ] + } + }, + { + "value": "Oneclickfraud", + "description": "Oneclickfraud is a Trojan horse for Android devices that attempts to coerce a user into paying for a pornographic service. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-011205-4412-99" + ] + } + }, + { + "value": "Opfake", + "description": "Opfake is a detection for Trojan horses on the Android platform that send SMS texts to premium-rate numbers. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-012709-2732-99" + ] + } + }, + { + "value": "Opfake.B", + "description": "Opfake.B is a Trojan horse for the Android platform that may receive commands from a remote attacker to perform various functions. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-022406-1309-99" + ] + } + }, + { + "value": "Ozotshielder", + "description": "Ozotshielder is a Trojan horse that steals information from Android devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-091505-3230-99" + ] + } + }, + { + "value": "Pafloat", + "description": "Pafloat is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040215-2015-99" + ] + } + }, + { + "value": "PandaAds", + "description": "PandaAds is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040312-1959-99" + ] + } + }, + { + "value": "Pandbot", + "description": "Pandbot is a Trojan horse for Android devices that may download more files onto the device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-071215-1454-99" + ] + } + }, + { + "value": "Pdaspy", + "description": "Pdaspy is a spyware application for Android devices that periodically gathers information from the device and uploads it to a predetermined location.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-111612-0749-99" + ] + } + }, + { + "value": "Penetho", + "description": "Penetho is a hacktool for Android devices that can be used to crack the WiFi password of the router that the device is using.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-100110-3614-99" + ] + } + }, + { + "value": "Perkel", + "description": "Perkel is a Trojan horse for Android devices that may steal information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-082811-4213-99" + ] + } + }, + { + "value": "Phimdropper", + "description": "Phimdropper is a Trojan horse for Android devices that sends and intercepts incoming SMS messages. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-021002-2943-99" + ] + } + }, + { + "value": "Phospy", + "description": "Phospy is a Trojan horse for Android devices that steals confidential information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-060706-4803-99" + ] + } + }, + { + "value": "Piddialer", + "description": "Piddialer is a Trojan horse for Android devices that dials premium-rate numbers from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-111020-2247-99" + ] + } + }, + { + "value": "Pikspam", + "description": "Pikspam is a Trojan horse for Android devices that sends spam SMS messages from the compromised device. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-121815-0336-99" + ] + } + }, + { + "value": "Pincer", + "description": "Pincer is a Trojan horse for Android devices that steals confidential information and opens a back door on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-052307-3530-99" + ] + } + }, + { + "value": "Pirator", + "description": "Pirator is a Trojan horse on the Android platform that downloads files and steals potentially confidential information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-021609-5740-99" + ] + } + }, + { + "value": "Pjapps", + "description": "Pjapps is a Trojan horse that has been embedded on third party applications and opens a back door on the compromised device. It retrieves commands from a remote command and control server. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-022303-3344-99" + ] + } + }, + { + "value": "Pjapps.B", + "description": "Pjapps.B is a Trojan horse for Android devices that opens a back door on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032014-1624-99" + ] + } + }, + { + "value": "Pletora", + "description": "Pletora is a is a Trojan horse for Android devices that may lock the compromised device. It then asks the user to pay in order to unlock the device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-061217-4345-99" + ] + } + }, + { + "value": "Poisoncake", + "description": "Poisoncake is a Trojan horse for Android devices that opens a back door on the compromised device. It may also download potentially malicious files and steal information. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2015-010610-0726-99" + ] + } + }, + { + "value": "Pontiflex", + "description": "Pontiflex is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052618-0946-99" + ] + } + }, + { + "value": "Positmob", + "description": "Positmob is a Trojan horse program for Android devices that sends SMS messages to premium rate phone numbers. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-111409-1556-99" + ] + } + }, + { + "value": "Premiumtext", + "description": "Premiumtext is a detection for Trojan horses on the Android platform that send SMS texts to premium-rate numbers. These Trojans will often be repackaged versions of genuine Android software packages, often distributed outside the Android Marketplace. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-080213-5308-99" + ] + } + }, + { + "value": "Pris", + "description": "Pris is a Trojan horse for Android devices that silently downloads a malicious application and attempts to open a back door on the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-061820-5638-99" + ] + } + }, + { + "value": "Qdplugin", + "description": "Qdplugin is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-102510-3330-99" + ] + } + }, + { + "value": "Qicsomos", + "description": "Qicsomos is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-011007-2223-99" + ] + } + }, + { + "value": "Qitmo", + "description": "Qitmo is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030716-4923-99" + ] + } + }, + { + "value": "Rabbhome", + "description": "Rabbhome is a Trojan horse for Android devices that steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2012-053007-3750-99" + ] + } + }, + { + "value": "Repane", + "description": "Repane is a Trojan horse for Android devices that steals information and sends SMS messages from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-090411-5052-99" + ] + } + }, + { + "value": "Reputation.1", + "description": "Reputation.1 is a detection for Android files based on analysis performed by Norton Mobile Insight. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-022612-2619-99" + ] + } + }, + { + "value": "Reputation.2", + "description": "Reputation.2 is a detection for Android files based on analysis performed by Norton Mobile Insight. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-022613-2629-99" + ] + } + }, + { + "value": "Reputation.3", + "description": "Reputation.3 is a detection for Android files based on analysis performed by Norton Mobile Insight. 
", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-022613-3126-99" + ] + } + }, + { + "value": "RevMob", + "description": "RevMob is an advertisement library that is bundled with certain Android applications.", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040308-0502-99" + ] + } + }, + { + "value": "Roidsec", + "description": "Roidsec is a Trojan horse for Android devices that steals confidential information. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2013-052022-1227-99" + ] + } + }, + { + "value": "Rootcager", + "description": "Rootcager is a Trojan horse that steals information from Android devices. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-030212-1438-99" + ] + } + }, + { + "value": "Rootnik", + "description": "Rootnik is a Trojan horse for Android devices that steals information and downloads additional apps. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2016-062710-0328-99" + ] + } + }, + { + "value": "Rufraud", + "description": "Rufraud is a Trojan horse for Android devices that sends SMS messages to premium-rate phone numbers. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2011-121306-2304-99" + ] + } + }, + { + "value": "Rusms", + "description": "Rusms is a Trojan horse for Android devices that sends SMS messages and steals information from the compromised device. ", + "meta": { + "refs": [ + "https://www.symantec.com/security_response/writeup.jsp?docid=2014-061711-5009-99" + ] + } + }, + { + "value": "Samsapo", + "description": "Samsapo is a worm for Android devices that spreads by sending SMS messages to all contacts stored on the compromised device. It also opens a back door and downloads files. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-050111-1908-99"
+ ]
+ }
+ },
+ {
+ "value": "Sandorat",
+ "description": "Sandorat is a Trojan horse for Android devices that opens a back door on the compromised device. It also steals information. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-110720-2146-99"
+ ]
+ }
+ },
+ {
+ "value": "Sberick",
+ "description": "Sberick is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-071014-2146-99"
+ ]
+ }
+ },
+ {
+ "value": "Scartibro",
+ "description": "Scartibro is a Trojan horse for Android devices that locks the compromised device and asks the user to pay in order to unlock it. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-080718-2038-99"
+ ]
+ }
+ },
+ {
+ "value": "Scipiex",
+ "description": "Scipiex is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-100814-4702-99"
+ ]
+ }
+ },
+ {
+ "value": "Selfmite",
+ "description": "Selfmite is a worm for Android devices that spreads through SMS messages. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-070111-5857-99"
+ ]
+ }
+ },
+ {
+ "value": "Selfmite.B",
+ "description": "Selfmite.B is a worm for Android devices that displays ads on the compromised device. It spreads through SMS messages. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-101013-4717-99"
+ ]
+ }
+ },
+ {
+ "value": "SellARing",
+ "description": "SellARing is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040407-3157-99"
+ ]
+ }
+ },
+ {
+ "value": "SendDroid",
+ "description": "SendDroid is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040311-2111-99"
+ ]
+ }
+ },
+ {
+ "value": "Simhosy",
+ "description": "Simhosy is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-061013-3955-99"
+ ]
+ }
+ },
+ {
+ "value": "Simplocker",
+ "description": "Simplocker is a Trojan horse for Android devices that may encrypt files on the compromised device. It then asks the user to pay in order to decrypt these files. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-060610-5533-99"
+ ]
+ }
+ },
+ {
+ "value": "Simplocker.B",
+ "description": "Simplocker.B is a Trojan horse for Android devices that may encrypt files on the compromised device. It then asks the user to pay in order to decrypt these files. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-072317-1950-99"
+ ]
+ }
+ },
+ {
+ "value": "Skullkey",
+ "description": "Skullkey is a Trojan horse for Android devices that gives the attacker remote control of the compromised device to perform malicious activity. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-072322-5422-99"
+ ]
+ }
+ },
+ {
+ "value": "Smaato",
+ "description": "Smaato is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052622-1755-99"
+ ]
+ }
+ },
+ {
+ "value": "Smbcheck",
+ "description": "Smbcheck is a hacktool for Android devices that can trigger a Server Message Block version 2 (SMBv2) vulnerability and may cause the target computer to crash.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032613-5634-99"
+ ]
+ }
+ },
+ {
+ "value": "Smsblocker",
+ "description": "Smsblocker is a generic detection for threats on Android devices that block the transmission of SMS messages. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-081607-4001-99"
+ ]
+ }
+ },
+ {
+ "value": "Smsbomber",
+ "description": "Smsbomber is a program that can be used to send messages to contacts on the device.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-112611-5837-99"
+ ]
+ }
+ },
+ {
+ "value": "Smslink",
+ "description": "Smslink is a Trojan horse for Android devices that may send malicious SMS messages from the compromised device. It may also display advertisements. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-112600-3035-99"
+ ]
+ }
+ },
+ {
+ "value": "Smspacem",
+ "description": "Smspacem is a Trojan horse that may send SMS messages from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-052310-1322-99"
+ ]
+ }
+ },
+ {
+ "value": "SMSReplicator",
+ "description": "SMSReplicator is a spying utility that will secretly transmit incoming SMS messages to another phone of the installer's choice. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2010-110214-1252-99"
+ ]
+ }
+ },
+ {
+ "value": "Smssniffer",
+ "description": "Smssniffer is a Trojan horse that intercepts SMS messages on Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-071108-3626-99"
+ ]
+ }
+ },
+ {
+ "value": "Smsstealer",
+ "description": "Smsstealer is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-121514-0214-99"
+ ]
+ }
+ },
+ {
+ "value": "Smstibook",
+ "description": "Smstibook is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-051207-4833-99"
+ ]
+ }
+ },
+ {
+ "value": "Smszombie",
+ "description": "Smszombie is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-082011-0922-99"
+ ]
+ }
+ },
+ {
+ "value": "Snadapps",
+ "description": "Snadapps is a Trojan horse that steals information from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-071807-3111-99"
+ ]
+ }
+ },
+ {
+ "value": "Sockbot",
+ "description": "Sockbot is a Trojan horse for Android devices that creates a SOCKS proxy on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2017-101314-1353-99"
+ ]
+ }
+ },
+ {
+ "value": "Sockrat",
+ "description": "Sockrat is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-110509-4646-99"
+ ]
+ }
+ },
+ {
+ "value": "Sofacy",
+ "description": "Sofacy is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2017-010508-5201-99"
+ ]
+ }
+ },
+ {
+ "value": "Sosceo",
+ "description": "Sosceo is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040408-0609-99"
+ ]
+ }
+ },
+ {
+ "value": "Spitmo",
+ "description": "Spitmo is a Trojan horse that steals information from Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-091407-1435-99"
+ ]
+ }
+ },
+ {
+ "value": "Spitmo.B",
+ "description": "Spitmo.B is a Trojan horse for Android devices that steals information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030715-0445-99"
+ ]
+ }
+ },
+ {
+ "value": "Spyagent",
+ "description": "Spyagent is a spyware application for Android devices that logs certain information and sends SMS messages to a predetermined phone number.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-090710-1836-99"
+ ]
+ }
+ },
+ {
+ "value": "Spybubble",
+ "description": "Spybubble is a Spyware application for Android devices that logs the device's activity and sends it to a predetermined website.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-121917-0335-99"
+ ]
+ }
+ },
+ {
+ "value": "Spydafon",
+ "description": "Spydafon is a Potentially Unwanted Application for Android devices that monitors the affected device.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-030722-4740-99"
+ ]
+ }
+ },
+ {
+ "value": "Spymple",
+ "description": "Spymple is a spyware application for Android devices that allows the device it is installed on to be monitored.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-031914-5403-99"
+ ]
+ }
+ },
+ {
+ "value": "Spyoo",
+ "description": "Spyoo is a spyware program for Android devices that records and sends certain information to a remote location.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-081709-0457-99"
+ ]
+ }
+ },
+ {
+ "value": "Spytekcell",
+ "description": "Spytekcell is a spyware program for Android devices that monitors and sends certain information to a remote location.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-121021-0730-99"
+ ]
+ }
+ },
+ {
+ "value": "Spytrack",
+ "description": "Spytrack is a spyware program for Android devices that periodically sends certain information to a 
remote location.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-080109-5710-99"
+ ]
+ }
+ },
+ {
+ "value": "Spywaller",
+ "description": "Spywaller is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2015-121807-0203-99"
+ ]
+ }
+ },
+ {
+ "value": "Stealthgenie",
+ "description": "Stealthgenie is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-111416-1306-99"
+ ]
+ }
+ },
+ {
+ "value": "Steek",
+ "description": "Steek is a potentially unwanted application that is placed on a download website for Android applications and disguised as popular applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-010911-3142-99"
+ ]
+ }
+ },
+ {
+ "value": "Stels",
+ "description": "Stels is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-032910-0254-99"
+ ]
+ }
+ },
+ {
+ "value": "Stiniter",
+ "description": "Stiniter is a Trojan horse for Android devices that sends SMS messages to a premium-rate phone number. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-030903-5228-99"
+ ]
+ }
+ },
+ {
+ "value": "Sumzand",
+ "description": "Sumzand is a Trojan horse for Android devices that steals information and sends it to a remote location. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-080308-2851-99"
+ ]
+ }
+ },
+ {
+ "value": "Switcher",
+ "description": "Switcher is a Trojan horse for Android devices that modifies Wi-Fi router DNS settings. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2017-090410-0547-99"
+ ]
+ }
+ },
+ {
+ "value": "Sysecsms",
+ "description": "Sysecsms is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-122714-5228-99"
+ ]
+ }
+ },
+ {
+ "value": "Tanci",
+ "description": "Tanci is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032815-4108-99"
+ ]
+ }
+ },
+ {
+ "value": "Tapjoy",
+ "description": "Tapjoy is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052619-4702-99"
+ ]
+ }
+ },
+ {
+ "value": "Tapsnake",
+ "description": "Tapsnake is a Trojan horse for Android phones that is embedded into a game. It tracks the phone's location and posts it to a remote web service. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2010-081214-2657-99"
+ ]
+ }
+ },
+ {
+ "value": "Tascudap",
+ "description": "Tascudap is a Trojan horse for Android devices that uses the compromised device in denial of service attacks. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-121312-4547-99"
+ ]
+ }
+ },
+ {
+ "value": "Teelog",
+ "description": "Teelog is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-040215-2736-99"
+ ]
+ }
+ },
+ {
+ "value": "Temai",
+ "description": "Temai is a Trojan horse for Android applications that opens a back door and downloads malicious files onto the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-091722-4052-99"
+ ]
+ }
+ },
+ {
+ "value": "Tetus",
+ "description": "Tetus is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-012409-4705-99"
+ ]
+ }
+ },
+ {
+ "value": "Tgpush",
+ "description": "Tgpush is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032816-0259-99"
+ ]
+ }
+ },
+ {
+ "value": "Tigerbot",
+ "description": "Tigerbot is a Trojan horse for Android devices that opens a back door on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-041010-2221-99"
+ ]
+ }
+ },
+ {
+ "value": "Tonclank",
+ "description": "Tonclank is a Trojan horse that steals information and may open a back door on Android devices. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-061012-4545-99"
+ ]
+ }
+ },
+ {
+ "value": "Trogle",
+ "description": "Trogle is a worm for Android devices that may steal information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-081213-5553-99"
+ ]
+ }
+ },
+ {
+ "value": "Twikabot",
+ "description": "Twikabot is a Trojan horse for Android devices that attempts to steal information. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-062614-5813-99"
+ ]
+ }
+ },
+ {
+ "value": "Uapush",
+ "description": "Uapush is a Trojan horse for Android devices that steals information from the compromised device. It may also display advertisements and send SMS messages from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-040114-2910-99"
+ ]
+ }
+ },
+ {
+ "value": "Umeng",
+ "description": "Umeng is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040307-5749-99"
+ ]
+ }
+ },
+ {
+ "value": "Updtbot",
+ "description": "Updtbot is a Trojan horse for Android devices that may arrive through SMS messages. It may then open a back door on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-041611-4136-99"
+ ]
+ }
+ },
+ {
+ "value": "Upush",
+ "description": "Upush is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040207-0733-99"
+ ]
+ }
+ },
+ {
+ "value": "Uracto",
+ "description": "Uracto is a Trojan horse for Android devices that steals personal information and sends spam SMS messages to contacts found on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-031805-2722-99"
+ ]
+ }
+ },
+ {
+ "value": "Uranico",
+ "description": "Uranico is a Trojan horse for Android devices that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-052803-3835-99"
+ ]
+ }
+ },
+ {
+ "value": "Usbcleaver",
+ "description": "Usbcleaver is a Trojan horse for Android devices that steals information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-062010-1818-99"
+ ]
+ }
+ },
+ {
+ "value": "Utchi",
+ "description": "Utchi is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040107-2536-99"
+ ]
+ }
+ },
+ {
+ "value": "Uten",
+ "description": "Uten is a Trojan horse for Android devices that may send, block, and delete SMS messages on a compromised device. It may also download and install additional applications and attempt to gain root privileges. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-092316-4752-99"
+ ]
+ }
+ },
+ {
+ "value": "Uupay",
+ "description": "Uupay is a Trojan horse for Android devices that steals information from the compromised device. It may also download additional malware. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-061714-1550-99"
+ ]
+ }
+ },
+ {
+ "value": "Uxipp",
+ "description": "Uxipp is a Trojan horse that attempts to send premium-rate SMS messages to predetermined numbers. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99"
+ ]
+ }
+ },
+ {
+ "value": "Vdloader",
+ "description": "Vdloader is a Trojan horse for Android devices that opens a back door on the compromised device and steals confidential information. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-080209-1420-99"
+ ]
+ }
+ },
+ {
+ "value": "VDopia",
+ "description": "VDopia is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052712-1559-99"
+ ]
+ }
+ },
+ {
+ "value": "Virusshield",
+ "description": "Virusshield is a Trojan horse for Android devices that claims to scan apps and protect personal information, but has no real functionality. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040810-5457-99"
+ ]
+ }
+ },
+ {
+ "value": "VServ",
+ "description": "VServ is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052619-3117-99"
+ ]
+ }
+ },
+ {
+ "value": "Walkinwat",
+ "description": "Walkinwat is a Trojan horse that steals information from the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-033008-4831-99"
+ ]
+ }
+ },
+ {
+ "value": "Waps",
+ "description": "Waps is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040406-5437-99"
+ ]
+ }
+ },
+ {
+ "value": "Waren",
+ "description": "Waren is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-032815-5501-99"
+ ]
+ }
+ },
+ {
+ "value": "Windseeker",
+ "description": "Windseeker is a Trojan horse for Android devices that steals information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-101519-0720-99"
+ ]
+ }
+ },
+ {
+ "value": "Wiyun",
+ "description": "Wiyun is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040207-5646-99"
+ ]
+ }
+ },
+ {
+ "value": "Wooboo",
+ "description": "Wooboo is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040407-5829-99"
+ ]
+ }
+ },
+ {
+ "value": "Wqmobile",
+ "description": "Wqmobile is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040407-4926-99"
+ ]
+ }
+ },
+ {
+ "value": "YahooAds",
+ "description": "YahooAds is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-060621-3229-99"
+ ]
+ }
+ },
+ {
+ "value": "Yatoot",
+ "description": "Yatoot is a Trojan horse for Android devices that steals information from the compromised device. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-031408-4748-99"
+ ]
+ }
+ },
+ {
+ "value": "Yinhan",
+ "description": "Yinhan is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040107-3350-99"
+ ]
+ }
+ },
+ {
+ "value": "Youmi",
+ "description": "Youmi is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-040407-4318-99"
+ ]
+ }
+ },
+ {
+ "value": "YuMe",
+ "description": "YuMe is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-060621-0322-99"
+ ]
+ }
+ },
+ {
+ "value": "Zeahache",
+ "description": "Zeahache is a Trojan horse that elevates privileges on the compromised device. ",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2011-032309-5042-99"
+ ]
+ }
+ },
+ {
+ "value": "ZertSecurity",
+ "description": "ZertSecurity is a Trojan horse for Android devices that steals information and sends it to a remote attacker. 
",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2013-050820-4100-99"
+ ]
+ }
+ },
+ {
+ "value": "ZestAdz",
+ "description": "ZestAdz is an advertisement library that is bundled with certain Android applications.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2014-052616-3821-99"
+ ]
+ }
+ },
+ {
+ "value": "Zeusmitmo",
+ "description": "Zeusmitmo is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.",
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/security_response/writeup.jsp?docid=2012-080818-0448-99"
+ ]
+ }
+ }
+ ],
+ "version": 1,
+ "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa",
+ "description": "Android malware galaxy based on multiple open sources.",
+ "authors": [
+ "GeekWeek"
+ ],
+ "source": "GeekWeek",
+ "type": "android",
+ "name": "Android"
+}
diff --git a/clusters/banker.json b/clusters/banker.json
new file mode 100644
index 0000000..cc99080
--- /dev/null
+++ b/clusters/banker.json 
@@ -0,0 +1,400 @@
+{
+ "values": [
+ {
+ "meta": {
+ "refs": [
+ "https://usa.kaspersky.com/resource-center/threats/zeus-virus"
+ ],
+ "synonyms": [
+ "Zbot"
+ ],
+ "date": "Initally discovered between 2006 and 2007. New bankers with Zeus roots still active today."
+ },
+ "description": "Zeus is a trojan horse that is primarily delivered via drive-by-downloads, malvertising, exploit kits and malspam campaigns. It uses man-in-the-browser keystroke logging and form grabbing to steal information from victims. Source was leaked in 2011.",
+ "value": "Zeus"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.kaspersky.com/blog/neverquest-trojan-built-to-steal-from-hundreds-of-banks/3247/",
+ "https://www.fidelissecurity.com/threatgeek/2016/05/vawtrak-trojan-bank-it-evolving",
+ "https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows",
+ "https://www.botconf.eu/wp-content/uploads/2016/11/2016-Vawtrak-technical-report.pdf"
+ ],
+ "synonyms": [
+ "Neverquest"
+ ],
+ "date": "Discovered early 2013"
+ },
+ "description": "Delivered primarily by exploit kits as well as malspam campaigns utilizing macro based Microsoft Office documents as attachments. 
Vawtrak/Neverquest is a modularized banking trojan designed to steal credentials through harvesting, keylogging, Man-In-The-Browser, etc.",
+ "value": "Vawtrak"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://blog.malwarebytes.com/detections/trojan-dridex/",
+ "https://feodotracker.abuse.ch/"
+ ],
+ "synonyms": [
+ "Bugat",
+ "Cridex",
+ "Feodo Version D"
+ ],
+ "date": "Discovery in 2014, still active"
+ },
+ "description": " Dridex leverages redirection attacks designed to send victims to malicious replicas of the banking sites they think they're visiting.",
+ "value": "Dridex"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.secureworks.com/research/gozi",
+ "https://www.gdatasoftware.com/blog/2016/11/29325-analysis-ursnif-spying-on-your-data-since-2007",
+ "https://lokalhost.pl/gozi_tree.txt"
+ ],
+ "synonyms": [
+ "Ursnif",
+ "CRM",
+ "Snifula",
+ "Papras"
+ ],
+ "date": "First seen ~ 2007"
+ },
+ "description": "Banking trojan delivered primarily via email (typically malspam) and exploit kits. Gozi 1.0 source leaked in 2010",
+ "value": "Gozi"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://krebsonsecurity.com/tag/gozi-prinimalka/",
+ "https://securityintelligence.com/project-blitzkrieg-how-to-block-the-planned-prinimalka-gozi-trojan-attack/",
+ "https://lokalhost.pl/gozi_tree.txt"
+ ],
+ "synonyms": [
+ "Prinimalka"
+ ],
+ "date": "Fall Oct. 2012 - Spring 2013"
+ },
+ "description": "Banking trojan attributed to Project Blitzkrieg targeting U.S. Financial institutions.",
+ "value": "Goziv2"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.govcert.admin.ch/blog/18/gozi-isfb-when-a-bug-really-is-a-feature",
+ "https://blog.malwarebytes.com/threat-analysis/2017/04/binary-options-malvertising-campaign-drops-isfb-banking-trojan/",
+ "https://info.phishlabs.com/blog/the-unrelenting-evolution-of-vawtrak",
+ "https://lokalhost.pl/gozi_tree.txt"
+ ],
+ "date": "Beginning 2010"
+ },
+ "description": "Banking trojan based on Gozi source. 
Features include web injects for the victims’ browsers, screenshoting, video recording, transparent redirections, etc. Source leaked ~ end of 2015.",
+ "value": "Gozi ISFB"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://blog.malwarebytes.com/threat-analysis/2017/04/binary-options-malvertising-campaign-drops-isfb-banking-trojan/",
+ "https://www.proofpoint.com/us/threat-insight/post/ursnif-variant-dreambot-adds-tor-functionality",
+ "https://lokalhost.pl/gozi_tree.txt"
+ ],
+ "date": "Since 2014"
+ },
+ "description": "Dreambot is a variant of Gozi ISFB that is spread via numerous exploit kits as well as through malspam email attachments and links.",
+ "value": "Dreambot"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://lokalhost.pl/gozi_tree.txt",
+ "http://archive.is/I7hi8#selection-217.0-217.6"
+ ],
+ "date": "Seen Autumn 2014"
+ },
+ "description": "Gozi ISFB variant ",
+ "value": "IAP"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://securityintelligence.com/meet-goznym-the-banking-malware-offspring-of-gozi-isfb-and-nymaim/",
+ "https://lokalhost.pl/gozi_tree.txt"
+ ],
+ "date": "Spring 2016"
+ },
+ "description": "GozNym hybrid takes the best of both the Nymaim and Gozi ISFB. From the Nymaim malware, it leverages the dropper’s stealth and persistence; the Gozi ISFB parts add the banking Trojan’s capabilities to facilitate fraud via infected Internet browsers.",
+ "value": "GozNym"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://blog.threatstop.com/zloader/terdot-that-man-in-the-middle",
+ "https://www.scmagazine.com/terdot-zloaderzbot-combo-abuses-certificate-app-to-pull-off-mitm-browser-attacks/article/634443/"
+ ],
+ "synonyms": [
+ "Zeus Terdot"
+ ],
+ "date": "First seen in Fall 2016 and still active today."
+ },
+ "description": "Zloader is a loader that loads different payloads, one of which is a Zeus module. Delivered via exploit kits and malspam emails. 
",
+ "value": "Zloader Zeus"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://blog.malwarebytes.com/threat-analysis/2014/02/hiding-in-plain-sight-a-story-about-a-sneaky-banking-trojan/",
+ "https://securityintelligence.com/new-zberp-trojan-discovered-zeus-zbot-carberp/"
+ ],
+ "synonyms": [
+ "VM Zeus"
+ ],
+ "date": "First seen ~Feb 2014"
+ },
+ "description": "Zeus variant that utilizes steganography in image files to retrieve configuration file. ",
+ "value": "Zeus VM"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://securityintelligence.com/brazil-cant-catch-a-break-after-panda-comes-the-sphinx/"
+ ],
+ "date": "First seen ~Aug 2015"
+ },
+ "description": "Sphinx is a modular banking trojan that is a commercial offering sold to cybercriminals via underground fraudster boards.",
+ "value": "Zeus Sphinx"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.proofpoint.com/us/threat-insight/post/panda-banker-new-banking-trojan-hits-the-market",
+ "https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf"
+ ],
+ "synonyms": [
+ "Zeus Panda"
+ ],
+ "date": "First seen ~ Spring 2016"
+ },
+ "description": " ",
+ "value": "Panda Banker"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://securityintelligence.com/zeus-maple-variant-targets-canadian-online-banking-customers/",
+ "https://github.com/nyx0/KINS"
+ ],
+ "synonyms": [
+ "Kasper Internet Non-Security",
+ "Maple"
+ ],
+ "date": "First seen 2014"
+ },
+ "description": "Zeus KINS is a modified version of ZeuS 2.0.8.9. It contains an encrypted version of it's config in the registry. ",
+ "value": "Zeus KINS"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.proofpoint.com/us/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan",
+ "https://securelist.com/chthonic-a-new-modification-of-zeus/68176/"
+ ],
+ "date": "First seen fall of 2014"
+ },
+ "description": "Chthonic according to Kaspersky is an evolution of Zeus VM. 
It uses the same encryptor as Andromeda bot, the same encryption scheme as Zeus AES and Zeus V2 Trojans, and a virtual machine similar to that used in ZeusVM and KINS malware.",
+ "value": "Chthonic"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/"
+ ],
+ "date": "Discovered ~February 2016"
+ },
+ "description": "Android banking trojan that tries to steal victims’ banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface as well as the login pages of 7 different banks’ apps.",
+ "value": "Xbot"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/",
+ "https://blog.malwarebytes.com/threat-analysis/2017/08/trickbot-comes-with-new-tricks-attacking-outlook-and-browsing-data/",
+ "http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/trickbots-bag-of-tricks.html",
+ "https://www.flashpoint-intel.com/blog/new-version-trickbot-adds-worm-propagation-module/"
+ ],
+ "synonyms": [
+ "Trickster",
+ "Trickloader"
+ ],
+ "date": "Discovered Fall 2016"
+ },
+ "description": "Trickbot is a bot that is delivered via exploit kits and malspam campaigns. The bot is capable of downloading modules, including a banker module. Trickbot also shares roots with the Dyre banking trojan",
+ "value": "Trickbot"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.secureworks.com/research/dyre-banking-trojan",
+ "https://blog.malwarebytes.com/threat-analysis/2015/11/a-technical-look-at-dyreza/"
+ ],
+ "synonyms": [
+ "Dyreza"
+ ],
+ "date": "Discovered ~June 2014"
+ },
+ "description": "Dyre is a banking trojan distributed via exploit kits and malspam emails primarily. It has a modular architectur and utilizes man-in-the-browser functionality. 
It also leverages a backconnect server that allows threat actors to connect to a bank website through the victim's computer.",
+ "value": "Dyre"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://securityblog.switch.ch/2015/06/18/so-long-and-thanks-for-all-the-domains/",
+ "http://securityintelligence.com/tinba-malware-reloaded-and-attacking-banks-around-the-world/",
+ "https://blog.avast.com/2014/09/15/tiny-banker-trojan-targets-customers-of-major-banks-worldwide/",
+ "http://my.infotex.com/tiny-banker-trojan/"
+ ],
+ "synonyms": [
+ "Zusy",
+ "TinyBanker",
+ "illi"
+ ],
+ "date": "Discovered ~Spring 2012"
+ },
+ "description": "Tinba is a very small banking trojan that hooks into browsers and steals login data and sniffs on network traffic. It also uses Man in The Browser (MiTB) and webinjects. Tinba is primarily delivered via exploit kits, malvertising and malspam email campaigns.",
+ "value": "Tinba"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://feodotracker.abuse.ch/",
+ "https://www.cert.pl/en/news/single/analysis-of-emotet-v4/"
+ ],
+ "synonyms": [
+ "Emotet v4",
+ "Feodo Version E"
+ ],
+ "date": "Discovered in March 2017."
+ },
+ "description": "Heodo is a successor of Geodo / Emotet (Version C or v3). It is a botnet capable of downloading modules including a banker module that uses MiTB techniques to steal banking information from victims. It is primarily delivered via malicious email (malspam) campaigns. ",
+ "value": "Heodo"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://feodotracker.abuse.ch/",
+ "http://blog.trendmicro.com/trendlabs-security-intelligence/new-banking-malware-uses-network-sniffing-for-data-theft/"
+ ],
+ "synonyms": [
+ "Feodo Version B",
+ "Emotet"
+ ],
+ "date": "Discovered ~Summer 2014"
+ },
+ "description": "Geodo is a banking trojan delivered primarily through malspam emails. 
It is capable of sniffing network activity to steal information by hooking certain network API calls.",
+ "value": "Geodo"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://securelist.com/dridex-a-history-of-evolution/78531/",
+ "https://feodotracker.abuse.ch/",
+ "http://stopmalvertising.com/rootkits/analysis-of-cridex.html"
+ ],
+ "synonyms": [
+ "Bugat",
+ "Cridex"
+ ],
+ "date": "Discovered ~September 2011"
+ },
+ "description": "Feodo is a banking trojan that utilizes web injects and is also capable of monitoring & manipulating cookies. It is delivered primarily via exploit kits and malspam emails.",
+ "value": "Feodo"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.cert.pl/en/news/single/ramnit-in-depth-analysis/"
+ ],
+ "synonyms": [
+ "Nimnul"
+ ],
+ "date": "Discovered ~2010."
+ },
+ "description": "Originally not a banking trojan in 2010, Ramnit became a banking trojan after the Zeus source code leak. It is capable of perforrming Man-in-the-Browser attacks. Distributed primarily via exploit kits.",
+ "value": "Ramnit"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://securityintelligence.com/qakbot-banking-trojan-causes-massive-active-directory-lockouts/",
+ "https://www.johannesbader.ch/2016/02/the-dga-of-qakbot/",
+ "https://www.virusbulletin.com/uploads/pdf/magazine/2016/VB2016-Karve-etal.pdf"
+ ],
+ "synonyms": [
+ "Qbot ",
+ "Pinkslipbot"
+ ],
+ "date": "Discovered ~2007"
+ },
+ "description": "Qakbot is a banking trojan that leverages webinjects to steal banking information from victims. It also utilizes DGA for command and control. 
It is primarily delivered via exploit kits.",
+ "value": "Qakbot"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://securityintelligence.com/an-overnight-sensation-corebot-returns-as-a-full-fledged-financial-malware/",
+ "https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/02/ASERT-Threat-Intelligence-Brief-2016-02-Corebot-1.pdf",
+ "https://malwarebreakdown.com/2017/09/11/re-details-malspam-downloads-corebot-banking-trojan/"
+ ],
+ "date": "Discovered ~Fall 2015"
+ },
+ "description": "Corebot is a modular trojan that leverages a banking module that can perform browser hooking, form grabbing, MitM, webinjection to steal financial information from victims. Distributed primarily via malspam emails and exploit kits.",
+ "value": "Corebot"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://securelist.com/the-nukebot-banking-trojan-from-rough-drafts-to-real-threats/78957/",
+ "https://www.arbornetworks.com/blog/asert/dismantling-nuclear-bot/",
+ "https://securityintelligence.com/the-nukebot-trojan-a-bruised-ego-and-a-surprising-source-code-leak/",
+ "http://www.kernelmode.info/forum/viewtopic.php?f=16&t=4596",
+ "https://benkowlab.blogspot.ca/2017/08/quick-look-at-another-alina-fork-xbot.html"
+ ],
+ "synonyms": [
+ "NukeBot",
+ "Nuclear Bot",
+ "MicroBankingTrojan",
+ "Xbot"
+ ],
+ "date": "Discovered ~December 2016"
+ },
+ "description": "TinyNuke is a modular banking trojan that includes a HiddenDesktop/VNC server and reverse SOCKS 4 server. It's main functionality is to make web injections into specific pages to steal user data. 
Distributed primarily via malspam emails and exploit kits.",
+ "value": "TinyNuke"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.govcert.admin.ch/blog/33/the-retefe-saga",
+ "https://threatpost.com/eternalblue-exploit-used-in-retefe-banking-trojan-campaign/128103/",
+ "https://countuponsecurity.com/2016/02/29/retefe-banking-trojan/",
+ "https://securityblog.switch.ch/2014/11/05/retefe-with-a-new-twist/",
+ "http://securityintelligence.com/tsukuba-banking-trojan-phishing-in-japanese-waters/"
+ ],
+ "synonyms": [
+ "Tsukaba",
+ "Werdlod"
+ ],
+ "date": "Discovered in 2014"
+ },
+ "description": "Retefe is a banking trojan that is distributed by what SWITCH CERT calls the Retefe gang or Operation Emmental. It uses geolocation based targeting. It also leverages fake root certificate and changes the DNS server for domain name resolution in order to display fake banking websites to victims. It is spread primarily through malspam emails. ",
+ "value": "Retefe"
+ }
+ ],
+ "version": 1,
+ "uuid": "59f20cce-5420-4084-afd5-0884c0a83832",
+ "description": "Banking malware galaxy from CCIRC.",
+ "authors": [
+ "GeekWeek"
+ ],
+ "source": "GeekWeek",
+ "type": "banker",
+ "name": "Banker"
+}
diff --git a/galaxies/android.json b/galaxies/android.json
new file mode 100644
index 0000000..d2e9123
--- /dev/null
+++ b/galaxies/android.json
@@ -0,0 +1,8 @@
+{
+ "description": "Android malware galaxy based on multiple open sources.",
+ "type": "android",
+ "version": 1,
+ "name": "Android",
+ "icon": "",
+ "uuid": "84310ba3-fa6a-44aa-b378-b9e3271c58fa"
+}
diff --git a/galaxies/banker.json b/galaxies/banker.json
new file mode 100644
index 0000000..af0df2f
--- /dev/null
+++ b/galaxies/banker.json
@@ -0,0 +1,8 @@
+{
+ "description": "Banking malware galaxy from CCIRC.",
+ "type": "banker",
+ "version": 1,
+ "name": "Banker",
+ "icon": "",
+ "uuid": "59f20cce-5420-4084-afd5-0884c0a83832"
+}
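Review bot: `"icon": ""` in galaxies/android.json, and again in galaxies/banker.json, ships an empty string where a consumer that renders the value as an icon name would presumably expect a real one; something like `"icon": "android"` here, and a matching choice for banker, would avoid a blank or broken glyph. Separately, the galaxy and its cluster appear to be paired through `type` and `uuid`. For banker both values match the cluster footer visible at the end of the clusters/banker.json hunk (`banker`, `59f20cce-5420-4084-afd5-0884c0a83832`). The footer of clusters/android.json lies outside this part of the patch, so it should be checked against `android` and `84310ba3-fa6a-44aa-b378-b9e3271c58fa` before merging; a mismatch would likely leave the Android malware entries detached from their galaxy when analysts tag events.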