Create Android_Clicker_G.yar

d82081da · mmorenog · GitHub · b6a1846a · d82081da
Commit d82081da authored Jul 29, 2016 by mmorenog Committed by GitHub Jul 29, 2016
Show whitespace changes
Inline Side-by-side

Showing with 19 additions and 0 deletions

Android_Clicker_G.yar Mobile_Malware/Android_Clicker_G.yar +19 -0

No files found.
--- a/Mobile_Malware/Android_Clicker_G.yar
+++ b/Mobile_Malware/Android_Clicker_G.yar
+/*
+    This Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as    long as you use it under this license.
+*/
+import "androguard"
+rule Android_Clicker_G
+{
+	meta:
+		author = "Jacob Soo Lead Re"
+		date = "01-July-2016"
+		description = "This rule try to detects Clicker.G samples"
+		reference = "https://blogs.mcafee.com/mcafee-labs/android-malware-clicker-dgen-found-google-play/"
+	strings:
+		$a = "upd.php?text="
+	condition:
+		androguard.receiver(/MyBroadCastReceiver/i) and $a
+}