Gshade Malware
(@ZaketB)
[A new variant based on Android SmsBot malware.]
A new variant of SmsBot malware has been discovered targeting Android users, The Mail has learnt. The variant was spotted in July in a sample sent by someone claiming to be a German businessman. The new variant, dubbed SmsBot XXV, was located and imaged by researchers at the Johns Hopkins University.
While most of the malware sample which was posted was made up of blank files, it later included at least one Windows executable and a small set of program executables made up of a few strings and another program. Two Android versions were present in the malicious file as well, on what appears to be the same disk. One app, named ZAKetMainDroid, is a file-roller that also performs a preliminary voice-over in the app. However, we cannot rule out the possibility that these apps are used with the intent to produce more serious malware that targets Android devices.
The type of attack is similar to the Smurf malware, which is one of three variants dubbed Smurf, Smurfer and Snowman. The Smurf malware is developed by a group from Russia that used to be a security firm, and later was acquired by Maven Security Systems Inc, which operated under the name of Maven Security. It is similar to Smurfer malware, which is developed by a group from Russia and was first spotted in July 2008, among other security firms were reported being infected on Android and iOS devices. A new variant of Smurfer was first discovered on Oct. 19, 2009, just a week before the first leaked memo about the security industry’s vulnerabilities and the need for security.
The latest malware, called SmsBot XXV, was spotted by a security firm using a sample that was created with the intent to avoid detection. It was also being spread by email, and some cyber circles are suggesting that it is most likely a Spam/Ransomware attempt. SmsBot XXV, in collaboration with its parent malware, is very specific in its requirements: it demands a lot of images of an Android device and two encrypted apps. It also demands an unlimited amount of time in which the malware can be present on an Android device.