There's a lot of press and scare tactics that originated from an article at Threatpost today. After reading the article and the translated article straight from China, I decided to take a look for some samples myself. After scouring the internet, I got a few samples to check out, and I found that this is nothing more than a new variation of Ksapp. Ksapp is a botnet that can be used to download new programs or launch a DDoS attack from Android devices. It is bundled with hacked legitimate applications and spammed out to the alternate Chinese markets. This new one is not that much different, except the C&C servers have changed and it downloads a secondary hidden program in case you delete the first one.
The new C&C servers can be found at:
hxxp://wap.juliu[dot]net/control.html?
hxxp://app.looking3g[dot]com:30125/serv?
Also, you can download the secondary APK at:
hxxp://app.looking3g[dot]com:30211/t/dha.so
(Please note these are live, UNCENSORED links and may not be active forever.)
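One way to check web proxy logs for the indicators listed above. This is an added example, not code from the original post; the log format (timestamp, client IP, method, URL, status), the client addresses and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published above (still defanged).
DEFANGED = [
    "hxxp://wap.juliu[dot]net/control.html?",
    "hxxp://app.looking3g[dot]com:30125/serv?",
    "hxxp://app.looking3g[dot]com:30211/t/dha.so",
]

def refang(ioc):
    """Turn a defanged indicator into a parseable URL, for matching only."""
    return re.sub(r"^hxxp", "http", ioc, flags=re.I).replace("[dot]", ".")

def endpoint(url):
    """Return (host, port, path), or None when the URL cannot be parsed."""
    try:
        u = urlsplit(url if "://" in url else "http://" + url)
        port = u.port or (443 if u.scheme == "https" else 80)
    except ValueError:
        return None
    return (u.hostname or "").lower().rstrip("."), port, u.path

def build_watchlist(iocs):
    """Set of (host, port, path) tuples; query strings are ignored."""
    return {endpoint(refang(i)) for i in iocs}

def classify(url, watch):
    """'exact': host, port and path all match; 'host': known host only."""
    ep = endpoint(url)
    if ep in watch:
        return "exact"
    return "host" if ep and ep[0] in {w[0] for w in watch} else None

def scan(lines, watch):
    """Return (client_ip, verdict) for every log line that hits the watchlist."""
    rows = (l.split() for l in lines)
    hits = ((f[1], classify(f[3], watch)) for f in rows if len(f) >= 5)
    return [h for h in hits if h[1]]

# Constructed proxy log (timestamp, client IP, method, URL, status).
SAMPLE_LOG = [
    f"10:02:11 10.0.8.21 GET {refang(DEFANGED[0])}id=1 200",
    f"10:02:15 10.0.8.21 GET {refang(DEFANGED[2])} 200",
    f"10:03:40 10.0.8.37 GET {refang('hxxp://app.looking3g[dot]com/index.html')} 200",
    "10:04:02 10.0.8.40 GET http://example.org/control.html 200",
    "truncated line",
]
```

An "exact" hit on the `dha.so` path means the device fetched the secondary APK, so removing only the first app is not enough; a "host" hit is contact with a known C&C host on a port or path not listed here.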
So, remember to always use known safe markets and download and install a mobile antivirus. It looks like for this one ESET is the only one detecting it as of now.
Stay safe out there -R`/4N