iOS malware samples

Here you have a set of iOS malware, grouped by malware family. This set of malware was used for experiments in “A Peek Under the Hood of iOS Malware”, in the 1st International Workshop on Malware Analysis (paper available here).

If you are interested in citing this set, please use the following (BiBTeX format):

@InProceedings{GR-WMA-16,
author = {Laura Garc\'{i}a and Ricardo J. Rodr\'{i}guez},
title = {{A Peek Under the Hood of iOS Malware}},
booktitle = {Proceedings of the 2016 11th International Conference on Availability, Reliability and Security (ARES)},
year = {2016},
pages = {590--598},
month = aug,
abstract = {Malicious software specially crafted to proliferate in mobile platforms are becoming a serious threat, as reported by numerous software security vendors during last years. Android and iOS are nowadays the leaders of mobile OS market share. While malware targeting Android are largely studied, few attention is paid to iOS malware. In this paper, we fill this gap by studying and characterizing malware targeting iOS devices. To this regard, we study the features of iOS malware and classify samples of 36 iOS malware families discovered between 2009 and 2015. We also show the methodology for iOS malware analysis and provide a detailed analysis of a malware sample. Our findings evidence that most of them are distributed out of official markets, target jailbroken iOS devices, and very few exploit any vulnerability.},
doi = {10.1109/ARES.2016.15},
keywords = {iOS, malware, attacks, threats, classification},
url = {http://webdiis.unizar.es/~ricardo/files/papers/GR-WMA-16.pdf},
}

Use the common password for malware sharing to decompress the file. Namely, the MD5s of the samples included in this set are the following:

  • inception
    • 4e037e1e945e9ad4772430272512831c
  • iosinfector_hackingteam
    • 35c4f9f242aae60edbd1fe150bc952d5
  • keyraider
    • 0f710f8397ec969af26c299a63aeda8b
    • 8985ecbc80d257e02c1e30b0268d91e7
    • dc71cb3a71f159e667367cb07d2660f7
    • ddf224f63ee9c7fba76298664a2b0b00
  • muda.a
    • 05d615734979f5a1fb3b943e7646be33
    • 8b76337397a00337d1cd7104a8b3cae4
    • dd499d63d93cd8a8b81dc7d88ebcaaa8
  • santaAPT
    • 07645ab4de213f588289cda16009c799
    • 0e39b6eb628aa783fb9d95995891fe5b
    • 2e580d7e09ce05d1943199bd00362ded
    • 3ce9962e70492a5a8786d24688cb3280
    • 5533e893642264930100b314014ccbb0
    • 790035c9485d8061ae79587cf8d63a64
    • 884a988a6cdb7584b1d5128e54b53f60
    • a2ea4ebc168384e1d3b2879eeea21421
    • adc8cd33f6c676797ac949bcd79a9d36
    • cc3db06722aaeec8ad8690cfa521778b
    • e2d98e303a1331f2adb6a66663e2932d
    • e8d7eccfa480147bdf588f63accb9319
  • spykey
    • ba91eee0a3cc8c54c69162f37eb0f95a
  • tinyv
    • 06036a5ce6927e75c774fc9669259105
    • 724329f5be3cea4cf5ad51a1c8558638
    • 8187fb5f41be95d54931695fba465d7b
    • ccc9c5207b432cdb60e154a52c796ac1
    • e8d28837e92e98bdcd6530990482ec14
  • xagent
    • 823dcbd2fca465fabae71098bbb81e1e
  • yispecter
    • 0b98ee74843809493b0661c679a3c90c
    • 29e147675af38ece406b6227f3ccd76b
    • 304a10d364454ee8f2e26979927c0334
    • 35ee9556457d6170ea83c800887c1cbe
    • 3a41bb59e2946a66bbd03a8b4d51510b
    • 4460f3d29a4bce8aa8e8ffde4a467b70
    • 62c6f0e3615b0771c0d189d3a7c50477
    • 6e907716dc1aa6b9c490ce58aaae0d53
    • 8e93947dfd1b11a77a04429bd8b32ced
    • 97210a234417954c7bbe87bfe685eaae
    • e6b45faf823387bca7524c4d0329543f
    • fbf92317ca8a7d5c243ab62624701050
    Comments are closed.