Fake Apps Affect ANDROID OS Users
- ANDROIDOS_DROIDSMS.A: Came disguised as Windows Media Player.
- ANDROIDOS_DROISNAKE.A: Came in the form of a game known as Tap Snake.
- ANDROIDOS_GEINIMI.A: Came in the form of Trojanized apps hosted in certain third-party app stores in China.
- ANDROIDOS_ADRD.A: Came in the form of a Trojanized wallpaper app.
- ANDROIDOS_LOTOOR.A: Trend Micro’s detection for Trojanized versions of legitimate apps like “Falling Down”.
- ANDROIDOS_BGSERV.A: Trojanized version of Android Market Security Tool, which was released to address the modifications done by AndroidOS_LOTOOR.A.
| Detection Name | Routines |
| --- | --- |
| ANDROIDOS_DROIDSMS.A | Attempts to send text messages containing the string “798657” to premium-rate numbers using the infected device’s current default SMS Center (SMSC) by exploiting the Permissions function (android.permission.SEND_SMS). Upon further analysis, however, it failed to successfully run due to programming errors. |
| ANDROIDOS_DROISNAKE.A (aka Tap Snake) | Capable of sending an affected user’s GPS location via HTTP POST upon acceptance of its end-user license agreement (EULA). |
| ANDROIDOS_GEINIMI.A | Opens several ports and connects to specific URLs to receive and execute commands from a remote user. These commands allow the remote user to gather specific information and system properties from the infected device. |
| ANDROIDOS_ADRD.A | Gathers information like International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers from infected systems, which is then sent to a specific site. It also downloads an updated copy of itself when executed. |
| ANDROIDOS_LOTOOR.A (aka fake Falling Down) | Connects to specific sites to send and receive information from a remote user. It steals information like ClientInfo as well as IMEI and IMSI numbers from infected devices. It also downloads other malicious apps onto the infected devices. |
| ANDROIDOS_BGSERV.A (aka fake Android Market Security Tool) | Gathers information from an infected device, which is then sent to a remote user. It also intercepts sent and received text messages and calls as well as downloads files and videos. |
| ANDROIDOS_SMSREP.A | Secretly forwards all incoming text messages to a remote user. |
| ANDROIDOS_FAKEP.A | Attempts to send text messages to premium-rate numbers. |
| ANDROIDOS_FSPY.A | Monitors an infected device’s GPS location, text and email messages, as well as calls. It also gives a remote user the capability to remotely listen to an affected user’s calls and to control an infected device via SMS. |
- Go to Settings > Applications > Running Service.
- Look for SnakeService and select Stop.