{"id":314,"date":"2014-12-13T10:44:55","date_gmt":"2014-12-13T18:44:55","guid":{"rendered":"http:\/\/www.android-decompiler.com\/blog\/?p=314"},"modified":"2018-12-19T13:38:48","modified_gmt":"2018-12-19T21:38:48","slug":"red-october-malware-for-android","status":"publish","type":"post","link":"https:\/\/www.pnfsoftware.com\/blog\/red-october-malware-for-android\/","title":{"rendered":"Red October Malware for Android"},"content":{"rendered":"<p>Blue Coat Systems recently released a <a href=\"https:\/\/www.bluecoat.com\/security-blog\/2014-12-09\/blue-coat-exposes-%E2%80%9C-inception-framework%E2%80%9D-very-sophisticated-layered-malware\">paper<\/a> about the Inception APT (also dubbed Cloud Atlas, it may be connected to the Red October APT).\u00a0One component of this APT is an Android trojan, masquerading as a WhatsApp update package. It is able to record audio calls, as well as gather, encrypt and exfiltrate user information.<\/p>\n<p>The 4 strings, partially written in Hindi, that have been the subject of speculation are these:<\/p>\n<p><a href=\"http:\/\/www.android-decompiler.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-317\" src=\"http:\/\/www.android-decompiler.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img1-300x215.png\" alt=\"redoctober-android-img1\" width=\"300\" height=\"215\" srcset=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img1-300x215.png 300w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img1-624x449.png 624w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img1.png 778w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><a href=\"http:\/\/www.android-decompiler.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone 
size-medium wp-image-318\" src=\"http:\/\/www.android-decompiler.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img2-300x111.png\" alt=\"redoctober-android-img2\" width=\"300\" height=\"111\" srcset=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img2-300x111.png 300w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img2.png 589w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><a href=\"http:\/\/www.android-decompiler.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-319\" src=\"http:\/\/www.android-decompiler.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img3-300x76.png\" alt=\"redoctober-android-img3\" width=\"300\" height=\"76\" srcset=\"https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img3-300x76.png 300w, https:\/\/www.pnfsoftware.com\/blog\/wp-content\/uploads\/2014\/12\/redoctober-android-img3.png 612w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>For researchers wanting to have a peek inside the APK, we are providing JEB-decompiled Java code for <a href=\"https:\/\/www.virustotal.com\/en\/file\/7faa023e0bcf98d90d21caeaf750bdbaed4ee03abf6d2c81d8e0e3911a4af789\/analysis\/\">one such sample<\/a>.<\/p>\n<p>Download is here: <a href=\"http:\/\/www.android-decompiler.com\/blog\/wp-content\/uploads\/2014\/12\/cloudatlas-android-malware-decompiled.zip\">cloudatlas-android-malware-decompiled.zip<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Blue Coat Systems recently released a paper about the Inception APT (also dubbed Cloud Atlas, it may be connected to the Red October APT).\u00a0One component of this APT is an Android trojan, masquerading as a WhatsApp update package. It is able to record audio calls, as well as gather, encrypt and exfiltrate user information. 
The &hellip; <a href=\"https:\/\/www.pnfsoftware.com\/blog\/red-october-malware-for-android\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Red October Malware for Android<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,3,2],"tags":[],"class_list":["post-314","post","type-post","status-publish","format-standard","hentry","category-android","category-decompilation","category-malware"],"_links":{"self":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/comments?post=314"}],"version-history":[{"count":0,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/posts\/314\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/media?parent=314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/categories?post=314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pnfsoftware.com\/blog\/wp-json\/wp\/v2\/tags?post=314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}