Results for android malware

Threat Research

FunkyBot: A New Android Malware Family Targeting Japan

FortiGuard Labs has uncovered FunkyBot, a new Android malware family targeting Japan. Read more about the packing mechanisms and deployed payload of FunkyBot.

By Dario Durando | September 04, 2019

Threat Research

BianLian: A New Wave Emerges

The FortiGuard Labs team has encountered a new version of the BianLian malware family with new functionalities and unseen techniques to hide its true functionality. Read more about this breaking threat research.

By Dario Durando | July 03, 2019

Industry Trends

As the Holiday Season Draws Near, Mobile Malware Attacks Are Prevalent

Fortinet's quarterly Global Threat Landscape Report reveals threats are increasing and evolving to become more sophisticated. Unique threat variants and families are on the rise, while botnets continue to infect organizations.

By FortiGuard SE Team | November 14, 2018

Threat Research

How-to Guide: Defeating an Android Packer with FRIDA

FortiGuard Labs has encountered a lot of packed Android malware recently. One interesting aspect of this malware is that even though the packer being used is consistently the same, the malware that it drops changes quite frequently. In this blog post we will demonstrate how to unpack the malware deployed by today’s most common dropper using only free, open-source tools.

By Dario Durando | November 02, 2018

Threat Research

FakeSpy Comes Back. New Wave Hits Japan

FortiGuard Labs recently encountered malicious traffic traveling to a C2 server located in China. The connection was established by a domain using a name that closely resembled one of Japan’s most famous express post delivery services. Our analysis showed that the website making this connection is fake and, moreover, that it is spreading Android malware.

By Dario Durando, Evgeny Ananin | October 02, 2018

Threat Research

An Android Package is no Longer a ZIP

Over the past few years, I have been giving workshops on Android reverse engineering - my next one will be an advanced session at Virus Bulletin in October. As with most other researchers on Android, I typically start off with a slide explaining that an Android Package (APK) is just a ZIP. Since Android 7.0, however, this is no longer true.

By Axelle Apvrille | August 23, 2018

Threat Research

Android/BondPath: a Mature Spyware

We have recently stumbled on several active samples of an Android spyware. They belong to a family we have named BondPath (also known as PathCall or Dingwe), which was first reported in May 2016. While our customers have been protected against that malware since 2016, in July 2018 we discovered that some samples are still in the wild and continue to be a threat to unprotected smartphones.

By Axelle Apvrille | August 23, 2018

Threat Research

Android Spyware Now Dropping Legit Apps?

Building on some previous research in the industry, FortiGuard Labs recently took a closer look at some Android malware impersonating the mobile version of the very popular game Fortnite.

By Dario Durando | June 03, 2018

Threat Research

Analyzing Android malware using a FortiSandbox

In this blog post we will analyze a couple of Android malware samples in the Android VM of the FortiSandbox. We'll also share a few interesting and useful tricks. Running a sample in the VM: To run a given sample in the Android VM, you should log into the FortiSandbox, make sure an Android VM is available, and then "Scan Input" / Submit a New File. Next, if the objective is to run the malware in the sandbox, you must make sure to skip "static scan," "AV scan," and "Cloud Query"...

By Axelle Apvrille | August 17, 2017

Threat Research

Spring Parade for Refreshed Android Marcher

Android malware continues to grow exponentially now that Android has taken the top position as the most popular OS (across all platforms), making it the target of choice for malware authors. Android Marcher is an Android banker malware that has been on the FortiGuard Labs radar since late 2013. Since that time it has been seen in a number of campaigns targeting many different banks and countries. And now, Marcher has once again resurfaced with a new campaign. Over the past few months we have observed it masking itself in a variety of ways...