ANDROIDOS_FAKEAPP.SM

This Android malware arrives as a fan-made application that tricks users into thinking that it is the same as the original. It displays advertisements upon installation.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This malware arrives as a Trojanized Android application. Upon execution, it creates shortcuts pointing to ads sites on the device's home page. It does this by downloading details about its intended ads on certain sites.

This Trojan may be manually installed by a user.

Arrival Details

This Trojan may be manually installed by a user.

NOTES:

This malware arrives as a Trojanized Android application.

Upon execution, it creates shortcuts pointing to ads sites on the device's home page. It does this by downloading details about its intended ads on the following sites:

• www.{BLOCKED}dsettings.com
• ad.{BLOCKED}boltapps.net

Below is an example of the created shortcuts:

Aside from home page shortcuts, it also displays advertisements via notifications:

It then reports infection by uploading information to the following C&C server:

• http://api.{BLOCKED}push.com/v2/api.php

Sent information includes the following:

• IMEI
• Carrier
• Network operator
• Phone model
• API Key
• App Id
• Token
• Infection timestamp
• Package name and version
• Wifi information
• User agent
• Android ID

After executing its payload, it then displays the following fake notification to the user: