The Most Complete Classification of Android Malware Families to Date

Tags: android, information security, mobile internet, Android, security | Published: 2013-09-10 04:19 | Author: tweety
Source: http://tweetyf.org

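Below is the most complete classification of Android malware families compiled to date.

The characteristics of each malware family are denoted by letters such as A, B, C and D; the meaning of each letter is listed below the table.

Compiled from http://forensics.spreitzenbarth.de/android-malware/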

| Malware family | Description | Characteristics |
|---|---|---|
| Android.AccuTrack | This application turns an Android smartphone into a GPS tracker. | A, J |
| Android.Ackposts | This Trojan steals contact information from the compromised device and uploads it to a remote server. | F |
| Android.Acnetdoor | This Trojan opens a backdoor on the infected device and sends the IP address to a remote server. | H, F |
| Android.Adsms | This is a Trojan which is allowed to send SMS messages. The distribution channel of this malware is an SMS message containing the download link. | A, G |
| Android.AnServer/Answerbot | Opens a backdoor in Android devices and is able to steal personal information which will be uploaded to a remote server afterwards. | F |
| Android.Antares/Antammi | This is a Trojan which steals personal information from the infected device. | F |
| Android.Arspam | This malware represents the first stage of politically-motivated hacking (hacktivism) on mobile platforms. | G |
| Android.Basebridge | Forwards confidential details (SMS, IMSI, IMEI) to a remote server. | I, F |
| Android.BeanBot | This is a Trojan which is allowed to send SMS messages and which is controlled by a C&C server. | I, G, F |
| Android.BgServ | Obtains the user’s phone information (IMEI, phone number, etc.). The information is then uploaded to a specific URL. | H, A, I, F |
| Android.Biige | This spyware records SMS messages, calls, location, etc. and uploads this data to a remote server. | F, J |
| Android.Booster | This application steals personal information and uploads this data to a remote server. | F |
| Android.Boxer | This Trojan sends SMS messages to premium-rate numbers. | G |
| Android.Carberp | Tries to steal confidential banking authentication codes (mTAN messages) sent to the infected device. | F, C |
| Android.Cawitt | This application steals personal information and uploads this data to a remote server. | F |
| Android.Cellspy | This application is a smartphone tracker. | J |
| Android.Coogos | Backdoor Trojan which has the capability to receive a remote connection from a malicious hacker and perform actions against the compromised system. | H, I |
| Android.CopyCat | Is an aggressive and malicious ad network. The main goal is to generate revenue. | A |
| Android.Cosha | This application monitors the infected device and sends personal data to a remote server. | F |
| Android.Counterclank | Is not real malware but a very aggressive ad network with the capability to steal privacy-related information. | A, F, G |
| Android.Crusewind | Intercepts incoming SMS messages and forwards them to a remote server, including information like IMSI and IMEI. | F |
| Android.Dogowar | This Trojan sends spam SMS messages to all contacts. | G |
| Android.Dougalek | This application steals personal information and uploads this data to a remote server. | F |
| Android.DroidDeluxe | Exploits the device to gain root privilege. Afterwards it modifies the access permission of some system database files and tries to collect account information. | H |
| Android.DroidDream | Uses two different tools (rageagainstthecage and exploid) to root the smartphone. | H, A, I |
| Android.DroidDreamLight | Gathers information from an infected mobile phone (device, IMEI, IMSI, country, list of installed apps) and connects to several URLs in order to upload this data. | A, F |
| Android.DroidKungfu | Collects a variety of information on the infected phone (IMEI, device, OS version, etc.). The collected information is dumped to a local file which is sent to a remote server afterwards. | H, I, F |
| Android.DroidSheep | This application can capture and hijack unencrypted web sessions. | D |
| Android.Extension/Monad | This Trojan is able to intercept incoming and outgoing phone calls, open a browser and visit specific websites, execute clicks on advertisements and upgrade its own malicious code. Furthermore, the corresponding app can make phone calls, send SMS messages and collect privacy-related information like call history, contacts, GPS location and device ID, all of which is uploaded to a remote server. | G, I, F, J |
| Android.FaceNiff | This application can capture and hijack unencrypted web sessions. | D |
| Android.FakeAngry | Backdoor Trojan which has the capability to receive a remote connection from a malicious hacker and perform actions against the compromised system. | H, I, F |
| Android.FakeDoc | This Trojan installs additional applications. | E |
| Android.FakeFlash | This Trojan redirects the user through paid proxies. | D |
| Android.FakeInst | The most common Fraudware. These applications send premium SMS messages. | G |
| Android.FakeNefix | This application steals user credentials. | F |
| Android.FakePlayer | Sends SMS messages to preset numbers. | G |
| Android.FakeRegSMS | It sends SMS messages to premium-rate numbers and tries to hide this action from malware investigators by using some kind of steganography. | G |
| Android.FakeTimer | Sends personal information to a remote server and opens pornographic websites. | I, F |
| Android.Find and Call/Fidall | Sends personal information (address book) to a remote server. | F |
| Android.Finspy | This Trojan is a component of a commercial surveillance product that monitors user activity. | I, F |
| Android.Fjcon | This Trojan connects to a C&C server and has the ability to install additional packages and send premium-rate SMS messages. | E, I, F, G |
| Android.Flexispy | This malware tracks phone calls, SMS messages, internet activity and GPS location. | J |
| Android.Foncy | This Trojan sends premium-rate SMS messages. | G |
| Android.Fokange/Fokonge | Is an information-stealing malware which uploads the stolen data to a remote server. | F |
| Android.Gamex | Opens a backdoor and installs additional applications. | H, I, E |
| Android.Geinimi | Opens a backdoor and transmits information from the device (IMEI, IMSI, etc.) to a specific URL. | I, F |
| Android.GGTracker | Sends various SMS messages to a premium-rate number. It also steals information from the device. | G |
| Android.GingerBreak | GingerBreak is a root exploit for Android 2.2 and 2.3. | H |
| Android.GingerMaster/GingerBreaker | Gains root access and harvests data on infected smartphones. This data is sent to a remote server afterwards. | H, F |
| Android.GoldenEagle/GlodEagl | This Trojan steals personal information and receives commands via SMS. | I, F |
| Android.GoneIn60Seconds | Steals information (SMS messages, IMEI, IMSI, etc.) from the infected smartphone and uploads the data to a specific URL. | F |
| Android.GPspy | Tracks the location of the infected device. | J |
| Android.HippoSMS | Sends various SMS messages to a premium-rate number and deletes the incoming SMS messages from this number. | G |
| Android.HongTouTou/Adrd | Is an information-stealing malware which uploads the stolen data through a local proxy to a remote server. The data is encrypted beforehand. | F |
| Android.Iconosys | This application steals personal data. | F |
| Android.Imlog | This application steals personal data. | F |
| Android.Jifake | This application sends premium-rate SMS messages. | G |
| Android.Jsmshider/Xsider | Opens a backdoor and sends information to a specific URL. | F |
| Android.Kidlogger | This Trojan steals personal information and sends it to a remote server. | F |
| Android.KMIN | Attempts to send Android device data to a remote server. | F |
| Android.Ksapp | This Trojan has capabilities for remote access connection handling and can perform DoS or DDoS, capture keyboard inputs, delete files or objects, or terminate processes. | H, I, D |
| Android.LeNa | LeNa needs a rooted device for the following actions: communicating with a C&C server, downloading and installing other applications, initiating web browser activity, updating installed binaries, and many more. | H, I, E, F |
| Android.Loicdos | This Trojan has the capability to perform DoS or DDoS. | D |
| Android.Loozfon | This Trojan steals personal data. | F |
| Android.Lovetrap/Luvrtrap | Sends SMS messages to premium-rate numbers and steals smartphone information. | G |
| Android.Luckycat | Opens a backdoor and listens for commands from a remote server. | H, I |
| Android.Maistealer | This Trojan steals personal data. | F |
| Android.Mania | This Trojan sends SMS messages to premium-rate numbers. | G |
| Android.MMarketPay | This Trojan can automatically buy applications in Chinese Android marketplaces. | E |
| Android.MobileSpy | This Trojan steals personal data. | F |
| Android.MobileTx | This Trojan steals personal data and sends it via SMS messages or HTTP. | F |
| Android.Mobinauten | This application tracks the location of the infected smartphone. | J |
| Android.Moghava | Compromises all pictures on the smartphone by merging them with a picture of Ayatollah Khomeini. | D |
| Android.Nandrobox | This Trojan steals personal data and deletes certain SMS messages. | F |
| Android.Netisend | Gathers information from infected smartphones and uploads the data to a specific URL. | F |
| Android.Nickispy | Gathers information from infected smartphones (IMSI, IMEI, GPS location, etc.) and uploads the data to a specific URL. | I, J, F |
| Android.OpFake | The second most common Fraudware. These applications send premium SMS messages. | G |
| Android.PDAspy | This Trojan steals personal data and location information. | F, J |
| Android.Penetho | This application is a hack tool to crack WiFi passwords. | D |
| Android.Pjapps | Opens a backdoor and steals information from the device. This malware has bot capabilities implemented. | I |
| Android.Placms | This Trojan has capabilities for remote access connection handling and can perform DoS or DDoS, capture keyboard inputs, delete files or objects, or terminate processes. | H, I |
| Android.Plankton | This malware has the capabilities to communicate with a remote server, download and install other applications, send premium-rate SMS messages, and many more. | I, G, F, E |
| Android.Qicsomos | It sends SMS messages to premium-rate numbers. | G |
| Android.Raden | This malware sends one SMS message to a Chinese premium number. | A, G |
| Android.RootSmart/Bmaster | This malware takes advantage of the GingerBreak exploit to gain root privileges. The exploit is not embedded in the application; instead it is dynamically downloaded from a remote server together with other malicious apps. | H, G, I, F, J, E |
| Android.RuFraud | Sends premium-rate SMS messages. This is the first malicious app of this kind which was specially built for European countries. | A, G |
| Android.Saiva | This Trojan has capabilities for remote access connection handling and can perform DoS or DDoS, capture keyboard inputs, delete files or objects, or terminate processes. | H, I |
| Android.Scavir | Sends SMS messages to premium-rate numbers. | G |
| Android.SeaWeth | This Trojan has capabilities for remote access connection handling and can perform DoS or DDoS, capture keyboard inputs, delete files or objects, or terminate processes. | H, I |
| Android.SMSpacem | Gathers information from the smartphone and uploads this data to a specific URL. This malware also sends SMS messages. | G, I, F |
| Android.SMSreg | Registers the infected smartphone to non-free services. | D |
| Android.SMSilence/SMSCatcher | SMS Trojan targeting Starbucks consumers in South Korea. This Trojan receives all incoming SMS messages and uploads them to a remote server. | F |
| Android.SMSspy | Banking Trojan targeting consumers in Spain. | C |
| Android.SMSsniffer | Sends copies of SMS messages to other devices. | G |
| Android.Sndapps/Snadapps | The malware is able to access various information from the device (the carrier and country, the device’s ID, e-mail address and phone number) and uploads this information to a remote server. | F |
| Android.SpamBot | Sends SMS spam messages. The application gets the content of the spam message and the receiver numbers through a C&C server. | G, I |
| Android.Spitmo | Is one of the first versions of the SpyEye Trojans for the Android OS which steals information from the infected smartphone. The Trojan also monitors and intercepts SMS messages from banks (mTAN messages) and uploads them to a remote server. | F, C |
| Android.SPPush | This malware sends premium-rate SMS messages and posts privacy-related information to a remote server. From the same server the malware downloads new applications. | G, F, E |
| Android.SpyBubble | This Trojan steals personal data. | F |
| Android.SpyOO | This Trojan records and steals personal data. | F |
| Android.Ssucl | This Trojan is the first Android Trojan which is able to infect a connected Windows PC. Additionally, it is able to send SMS messages, enable Wi-Fi, and gather information about the device and its user (like contacts, photos, GPS data) which is uploaded to a remote server. Furthermore, this Trojan is able to upload the whole SD card and all SMS messages stored on the device. | B, G, I, F, J |
| Android.Steek/Fatakr | Is a fraudulent app advertising an online income solution. Some of the samples have the capability to steal privacy-related information and send SMS messages. | A, G, F |
| Android.TapSnake/Droisnake | Posts the phone’s location to a web service. | J |
| Android.Tascudap | This application connects to a remote server (gzqtmtsnidcdwxoborizslk.com) and monitors incoming SMS messages for commands. The infected device can be used for DDoS attacks. | I, F |
| Android.Tetus | This Trojan receives all incoming SMS messages and uploads them to a remote server. The corresponding app is also allowed to delete SMS messages on the infected device and is able to send SMS messages. Additionally, the Trojan sends a list of all installed apps to a remote server. | G, F |
| Android.TigerBot | This malware communicates with a C&C server via SMS messages and is able to download and install other applications, initiate web browser activities, update installed binaries, and many more. | I, H, F, E |
| Android.Tonclank | Opens a backdoor and downloads files onto the infected devices. It also steals information from the smartphone. | E |
| Android.TGloader/Stiniter | Listens to a C&C server for commands. This Trojan can install additional applications and send premium-rate SMS messages. | I, G, E |
| Android.TypStu | This Trojan steals personal data. | F |
| Android.UpdtBot | This malware spreads through malicious SMS messages and communicates with a C&C server. The corresponding samples have the ability to install additional packages and send premium-rate SMS messages. | I, G, E |
| Android.UpdtKiller | This Trojan detects and disables installed AV applications. | D |
| Android.Uxipp | This malware attempts to send premium-rate SMS messages. | G |
| Android.Vdloader | This malware opens a backdoor on the infected device and steals personal data. | H, F |
| Android.Walkinwat/Pirater | Sends SMS messages to all numbers within the phone book and steals information from the infected device. | G |
| Android.YZHC | This malware sends premium-rate SMS messages and blocks any incoming message that informs the user about these services. As another malicious behaviour, the malware uploads privacy-critical information to a remote server. | A, G, F |
| Android.Zeahache | Opens a backdoor and uploads stolen information to a specific URL. It also sends SMS messages. | H, A, G, F |
| Android.ZergRush | ZergRush is a root exploit for Android 2.2 and 2.3. | H |
| Android.Zitmo/Citmo | Tries to steal confidential banking authentication codes (mTAN messages) sent to the infected device. | F, C |
| Android.Zsone | Sends SMS messages to premium-rate numbers related to subscription for SMS-based services. | A, G |

(last update 28th of February 2013)

I Functionality of a Botnet
H Gains root access or at least tries to convince the user to root his phone
A Downloaded through the official Google-Market
G Sends paid or malicious SMS messages
J Steals location information
F Information stealing to a remote server
E Installs other applications or binaries
D Potentially unwanted application (“Hacker”-Tools)
C Banking Trojan which is able to intercept and modify banking authentication codes (mTAN messages).
B Trojan which is able to infect a connected Windows PC.
