ANDROIDOS_FAKEINSTALL.CATC

 Analysis by: Weichao Sun

 THREAT SUBTYPE:

Premium Service Abuser

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet

This mobile malware is capable of sending premium-rate SMS to a number of countries, ensuring its wide reach.

This mobile malware uses an adult-related name to trick users into downloading it on their phones.

It connects to a C&C server to get commands. It is capable of sending premium SMS messages to 95 different codes used in various countries.

  TECHNICAL DETAILS

File Size:

129,491 bytes

File Type:

APK

Memory Resident:

Yes

Initial Samples Received Date:

28 Apr 2014

Payload:

Connects to URLs/IPs

NOTES:

This mobile malware uses an adult-related name to trick users into downloading it on their phones. Upon installation, it registers itself as a service to run after every system reboot.

Periodically, it connects to a C&C server to get commands. The server's address is stored in an encrypted file. Depending on the commands returned by the C&C server, this mobile malware can do the following:

  • Change the C&C server address
  • Send SMS messages
  • Hide itself
  • Intercept incoming SMS messages

When launched manually, it asks users to send a premium SMS message to watch the video. The SMS body and address are decrypted from a file. The file contains premium numbers and codes for 95 countries/zones to make sure this malware works in most places.

  SOLUTION

Minimum Scan Engine:

9.700

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.
