Friday, May 17, 2013

Android.RoidSec




There is a new security blog post from Webroot about an Android malware called RoidSec. I took a quick look at this APK, which can be found at:
hxxp://pan.baidu{dot}com/share/link?shareid=175821&uk=3106407483
or you can download the APK here (password = infected).

A quick analysis finds that while it does send data to the C&C server below, it is currently ineffective, as this site went down a while ago. Still, it can be classified as malware, as it does not give the specified benefit while hiding itself in the background and potentially leaking data to a domain that could become active or be updated in the future.

C&C Server: hxxp://roidsec{dot}com/


Stay safe out there
-R`/4N