Teardown of a Recent Variant of Android/Ztorg (Part 1)

Ztorg, also known as Qysly, is one of those big families of Android malware. It first appeared in April 2015, and now has over 25 variants, some of which are still active in 2017. Yet, there aren't many technical descriptions for it - except for the initial Ztorg.A sample - so I decided to have a look at one of the newer variants, Android/Ztorg.AM!tr, that we detected on January 20, 2017. The sample poses a "Cool Video Player" and its malicious activity was so well hidden I initially thought I had run into...

Leave a Reply