AndroidOS_XLoaderPayload.HRX

 Analysis by: Francisrey Joshua Castillo

 ALIASES:

Trojan:Linux/Multiverze(Microsoft), HEUR:Trojan-Dropper.AndroidOS.Wroba.o(Kaspersky)

 PLATFORM:

Android

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Trojan monitors all incoming and outgoing calls.

  TECHNICAL DETAILS

Payload:

Monitors calls

Mobile Malware Routine

This Trojan is a file that collects the following information on an affected mobile device:

  • Installed applications on the device
  • Account information for other applications stored on the device
  • Phone number (MSISDN for GSM devices)

Upon installation, it poses as the following application(s):

  • Poses as a spam message blocker from a third-party security vendor

It monitors all incoming and outgoing calls.

It is capable of doing the following:

  • Removes its main activity from the application launcher
  • Checks if the Android device is rooted.
  • Reads the content of the MMS message.
  • Checks the presence of a debugger

  SOLUTION

Minimum Scan Engine:

9.800

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:


Did this description help? Tell us how we did.