Not so boring Android malware
Welcome! The purpose of this website is to gather a diverse set of different Android malware samples. So often the Android malware datasets are boring. They have the same or very similar malware families and, if used to practice reverse engineering, may become very repetitive.
I’ve decided to create a list of samples which are different. Each one should give you a different, fun reverse engineering challenge. The samples are divided into three sections: easy, average and difficult. Each one contains a short description of what the malware does (but no spoilers!). All samples are sourced from publicly available websites and link to these websites.
My promise to you is that in this list there is only one banking phishing app and there will always be only one banking phishing app.
Have fun!
Easy samples
5251a356421340a45c8dc6d431ef8a8cbca4078a0305a87f4fbd552e9fc0793e
- a very simple screen locker (ransomware) with a clear text password.
355cd2b71db971dfb0fac1fc391eb4079e2b090025ca2cdc83d4a22a0ed8f082
- very simple SMS stealer
86361fcace1ac9458d930d3cabffece4caaaa37ea17b690c2e0eafec5976795d
- stalkerware / commercial spyware used to monitor devices to which the attacker has physical access
00b8a464947aab72651801844d303c15481af26506028cc483eb00297b39bc95
- fairly basic app dropper
5d3ff202f20af915863eee45916412a271bae1ea3a0e20988309c16723ce4da5
- a very comprehensive spyware sample with almost no obfuscation
Average samples
058a26ed7cbd3970edeccd39c03383bf48974be8b755e48961eca15837b61e3c
- Hydra banking trojan (a bit of obfuscation and native code)
c8d51db4b2171f289de67e412193d78ade58ec7a7de7aa90680c34349faeeee2
- infostealer from a targeted attack
960a508a362cd881f91182409f39643e2a923dd2b676227e690bb34b1985635a
- app which makes unwanted calls and has some clever obfuscation techniques
0e30948b3327a093bd7b35a10f65bc1f03a9b8d1d3e242dd6b5726e9136aaff0
- backdoored legitimate apkpure application with a component responsible for additional downloads and adware
200cf6e828ceecf44add627d97c0a893a517d8e318047b760c339b1572a0b303
- fairly obfuscated stalkerware sample, with some code flow obfuscation
Difficult samples
854774a198db490a1ae9f06d5da5fe6a1f683bf3d7186e56776516f982d41ad3
- fairly complex spyware called FinSpy, obfuscated with lots of advanced features and proprietary protocols
ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
- Old Android Chrysaor (Pegasus) sample, I highly recommend going through the native code section
4406fb8e027a03c570b43778fe5d6bc38ea285f36221eee03f2e1abaa2d20651
- Joker sample packed with an annoying packer
124228375f48e29f237d9a3256d0634d0b7fd5351a6a858a934ba29bed4632f4
- Triada sample, a library from the system image (hint: look for encrypted strings)
The list was put together by me, @maldr0id