New Malware Alert: Parasites Android Malware

A new Android malware, Parasites Android Malware, has been reported by my friend Rick’s malware team. After I got the sample last night, I did a quick analysis using Trustlook’s malware analysis platform. Here is the detailed report.

Note: here is Zhi Xu’s original report

General information about the malware application:

Screen Shot 2013-08-28 at 10.14.19 AM

Here are the permissions the malware requests:

Screen Shot 2013-08-28 at 10.26.39 AM

Here are the two Android packages embedded in the application itself:

Screen Shot 2013-08-28 at 10.28.10 AM

When the application starts, it loads a dynamic JAR library included in its package and also tries to get a root shell by running the “su” command.

Screen Shot 2013-08-28 at 10.18.30 AM

It reads your device information:

Screen Shot 2013-08-28 at 10.21.01 AM

Some of its DNS-related traffic:

Screen Shot 2013-08-28 at 10.22.47 AM

Screen Shot 2013-08-28 at 10.22.30 AM

It steals the user’s IMEI number using HTTP POST:

Screen Shot 2013-08-28 at 10.23.42 AM

Screen Shot 2013-08-28 at 10.30.00 AM

Screen Shot 2013-08-28 at 10.30.14 AM
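
A static triage pass for the behaviours reported above (packages embedded in the application, runtime loading of a bundled library, a “su” call, device-ID reads), added here as an example and not taken from Trustlook’s platform or the original report. The marker patterns, function names and the sample archive are assumptions constructed for illustration; the byte-pattern matching is a heuristic, not a full DEX parser.

```python
import io
import zipfile

ZIP_MAGIC = b"PK\x03\x04"            # APK and JAR files are both ZIP archives
DEX_MAGIC = b"dex\n"
MAX_ENTRY = 64 * 1024 * 1024         # skip oversized entries (zip-bomb guard)
MARKERS = {  # DEX string-table patterns; triage heuristics, not proof of malice
    b"Ldalvik/system/DexClassLoader;": "dynamic-code-loading",
    b"\x02su\x00": "su-invocation",  # the 2-char string "su" as DEX stores it
    b"getDeviceId": "reads-device-id",
}

def triage(apk_bytes, path="<apk>", depth=0):
    """Return sorted (location, finding) pairs for an APK/JAR and nested archives."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_ENTRY:
                continue
            data = zf.read(info)
            where = f"{path}!{info.filename}"
            if data.startswith(ZIP_MAGIC):       # detect by magic, not extension
                findings.add((where, "embedded-archive"))
                if depth < 3:                    # bound recursion on hostile input
                    try:
                        findings.update(triage(data, where, depth + 1))
                    except zipfile.BadZipFile:
                        findings.add((where, "corrupt-embedded-archive"))
            elif data.startswith(DEX_MAGIC):
                for pattern, label in MARKERS.items():
                    if pattern in data:
                        findings.add((where, label))
    return sorted(findings)

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_sample():
    """Constructed stand-in for an APK; not the sample analysed above."""
    payload_dex = DEX_MAGIC + b"035\x00" + b"\x02su\x00" + b"\x0bgetDeviceId\x00"
    loader_dex = DEX_MAGIC + b"035\x00" + b"\x1eLdalvik/system/DexClassLoader;\x00"
    inner = make_zip({"classes.dex": payload_dex})
    return make_zip({"classes.dex": loader_dex, "assets/update.dat": inner})

if __name__ == "__main__":
    print(*triage(build_sample()), sep="\n")
```

Findings from this pass are leads for manual review: legitimate applications also bundle archives and use class loaders, so each hit needs to be confirmed in a decompiler or sandbox.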
