Month: December 2013

Yesterday was eventful on the Android malware front. After Mouabad reported by Lookout, FireEye reported MisoSMS. It might also have been reported by Sophos at roughly the same time.

The malicious application is used in several campaigns to steal SMS and send them to China, according to FireEye’s blog post.

Many of you would like to examine and study its code, that’s why I uploaded an archive with the source code decompiled by JEB 1.4, as well as a cleaned-up manifest. Link: MisoSMS_JEB_decomp_20131217

Lookout has an interesting article about Android Mouabad. Yet another Korean SMS malware!

The APK fully decompiled by JEB 1.4 can be found here: mouabad_JEB_decomp_20131217.zip. I haven’t refactored or commented the code, these are raw decompiled classes.

Sample MD5 68DF97CD5FB2A54B135B5A5071AE11CF is available on Contagio.

Want to have a look at Android Skullkey?

I uploaded the Java code decompiled with JEB 1.4 here: skullkey_JEB_decomp_20131205.zip
The interesting bits are in com.hk515. Have fun!

Sample MD5 48c3903b3e91f4c5fbc65b640647f7d7 is available on Contagio.