“Last Thursday’s post links to ‘Stels’ analysis by Dell SecureWorks. (Read it!) Stels is a versatile Android trojan which has recently started spreading via the Cutwail spam botnet.
Android malware being distributed by a mass-market crimeware gang — could be a game changer.
So, how did Stels spread before Cutwail?
Here are a few slightly older Stels variants and the dates we first saw them, all distributed (at least) via a web portal called spaces.ru.
• efb387ae109f6c04474a993884fe389e88be386f — Dec 5th
• 8b99a836572231ffdcb111628fc1dcfb5d9ee31d — Dec 7th
• 109b2adde84bb7a4ebf59d518863254e9f01c489 — Dec 10th
• 9384480d82326e89ce52dd3582cf0d6869d59944 — Dec 13th
• 8abc7ee0071ac32188c3262cf4ff76cc6436b48f — Jan 3rd
We detect numerous versions of Stels as Trojan:Android/SmsSpy.K. And this screenshot from our Malware Sample Management System (MSMS) gives a very good idea of the social engineering involved:”