Wednesday, January 16, 2013

Android.Troj.mdk AKA Android.ksapp

There's a lot press and scare tactics that originated from an article at threatpost today.  After reading the article and the translated article straight from China, I decided to take a look for some samples myself.  After scouring the internet, I got a few samples to check out, and I found that this is nothing more then a new variation of Ksapp. Ksapp is a bot-net that can be used to download new programs or launch a DDOS attack from Android devices and is bundled with hacked legitimate applications and spammed out to the alternate Chinese markets.

This new one is not that much different, except the C&C servers have changed and it downloads a secondary hidden program in-case you delete the first one.

The new C&C servers can be found at:

Also, you can download the secondary APK at:


(please note these are live UNCENSORED links and may not be active forever.)

So, remember to always use known safe markets and download and install a mobile Antivirus.  It looks like for this one ESET is the only one detecting it as of now.

Stay safe out there -R`/4N