Not so boring Android malware
Welcome! The purpose of this website is to gather a diverse set of different Android malware samples. So often the Android malware datasets are boring. They have the same or very similar malware families and, if used to practice reverse engineering, may become very repetitive.
I’ve decided to create a list of samples which are different. Each one should give you a different, fun reverse engineering challenge. The samples are divded in three sections: easy, average and difficult. Each one contains a short description of what the malware does (but no spoilers!). All samples are sourced from publicly available websites and link to these websites.
My promise to you is that in this list there is only one banking phishing app and there will always be only one banking phishing app.
5251a356421340a45c8dc6d431ef8a8cbca4078a0305a87f4fbd552e9fc0793e- a very simple screen locker (ransomware) with a clear text password.
355cd2b71db971dfb0fac1fc391eb4079e2b090025ca2cdc83d4a22a0ed8f082- very simple SMS stealer
058a26ed7cbd3970edeccd39c03383bf48974be8b755e48961eca15837b61e3c- Hydra banking trojan (a bit of obfuscation and native code)
c8d51db4b2171f289de67e412193d78ade58ec7a7de7aa90680c34349faeeee2- infostealer from a targeted attack
960a508a362cd881f91182409f39643e2a923dd2b676227e690bb34b1985635a- app which makes unwanted calls and has some clever obfuscation techniques
0e30948b3327a093bd7b35a10f65bc1f03a9b8d1d3e242dd6b5726e9136aaff0- backdoored legitimate apkpure application with a component responsible for additional downloads and adware
ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5- Old Android Chrysaor (Pegasus) sample, I highly recommend going through the native code section
4406fb8e027a03c570b43778fe5d6bc38ea285f36221eee03f2e1abaa2d20651- Joker sample packed with an annoying packer
124228375f48e29f237d9a3256d0634d0b7fd5351a6a858a934ba29bed4632f4- Triada sample, a library from the system image (hint: look for encrypted strings)
The list was put together by me, @maldr0id