ANDROIDOS_LIANGOU.HRX
Publish date: 26 December 2015
Threat sub-type:
Premium Service Abuser, Malicious Downloader
Platform:
Android OS
Overall risk rating:
Damage potential:
Distribution potential:
Reported infection:
Information exposure:
Low
Medium
High
Critical
Grayware type:
Trojan
Destructive:
No
Encrypted:
In the Wild:
Yes
Overview
Monitors all incoming and outgoing calls. Displays pop-up advertisements. This is the Trend Micro detection for Android applications that are bundled with malicious code.
Technical details
Compression type: 181215 bytes
Memory resident: Yes
Initial samples received date: 09 October 2015
Mobile malware routine
Accesses the following malicious URL(s) to download files:
- http://www.{BLOCKED}3.com/star/sifang/
- http://m.{BLOCKED}z.com/h/meihuo/
- http://m.{BLOCKED}3.com/gaoqingmeinv/
- http://www.{BLOCKED}1.com/xinggan/
- http://www.{BLOCKED}2.cc/xingganmeinv/
- http://www.{BLOCKED}z.com/a/xingganmeinv/
- http://m.{BLOCKED}u.com/
Monitors all incoming and outgoing calls.
Displays pop-up advertisements.
Requests the following permissions during installation:
- android.permission.RECEIVE_BOOT_COMPLETED
- android.permission.SEND_SMS
- android.permission.RECEIVE_SMS
- android.permission.READ_SMS
- android.permission.WRITE_SMS
- android.permission.RECEIVE_MMS
- android.permission.RECEIVE_WAP_PUSH
- android.permission.INTERNET
- android.permission.ACCESS_NETWORK_STATE
- android.permission.READ_PHONE_STATE
- android.permission.CHANGE_NETWORK_STATE
- android.permission.CHANGE_WIFI_STATE
- android.permission.ACCESS_WIFI_STATE
- android.permission.DEVICE_POWER
- android.permission.WAKE_LOCK
- android.permission.WRITE_APN_SETTINGS
- android.permission.WRITE_SETTINGS
- android.permission.WRITE_EXTERNAL_STORAGE
- android.permission.MOUNT_UNMOUNT_FILESYSTEMS
- android.permission.INTERNET
- android.permission.READ_PHONE_STATE
- android.permission.ACCESS_NETWORK_STATE
- android.permission.ACCESS_WIFI_STATE
- android.permission.CHANGE_WIFI_STATE
- android.permission.BLUETOOTH
- android.permission.WRITE_EXTERNAL_STORAGE
- android.permission.RECEIVE_BOOT_COMPLETED
- android.permission.GET_TASKS
- android.permission.PACKAGE_USAGE_STATS
- android.permission.CHANGE_NETWORK_STATE
- android.permission.BROADCAST_STICKY
- android.permission.INSTALL_PACKAGES
- android.permission.DELETE_PACKAGES
- android.permission.WRITE_SECURE_SETTINGS
- android.permission.WAKE_LOCK
- android.permission.GET_TASKS
- android.permission.SYSTEM_ALERT_WINDOW
- android.permission.PACKAGE_USAGE_STATS
- com.android.launcher.permission.READ_SETTINGS
- com.android.launcher.permission.WRITE_SETTINGS
- com.android.launcher.permission.INSTALL_SHORTCUT
- com.android.launcher.permission.UNINSTALL_SHORTCUT
- android.permission.READ_EXTERNAL_STORAGE
- android.permission.MOUNT_UNMOUNT_FILESYSTEMS
- android.permission.READ_OWNER_DATA
This is the Trend Micro detection for Android applications that are bundled with malicious code.
Can perform the following tasks:
- download unwanted apps
- push adult ads
- register as device admin
Solution
Minimum scan engine: 9.800