ANDROIDOS_DROISNAKE.A

 Analysis by: JessaD

 THREAT SUBTYPE:

Spying Tool

 PLATFORM:

Android OS


  • Threat Type: Spyware

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW


Trend Micro has flagged this spyware as noteworthy because of its increased potential for damage, propagation, or both. Specifically, it runs on mobile phones with the Android operating system.

For an at-a-glance view of this spyware's behavior, refer to the Threat Diagram shown below.

This malware works alongside GPS Spy. It disguises itself as an Android game application.

A malicious user may physically install this application on a targeted phone by downloading it from the Android Market.

However, the malicious user must register the application by entering an email address and a key, which the malicious user then uses to track the affected phone with the GPS Spy app.

It then retrieves the current GPS coordinates of the affected phone and sends them via HTTP POST.

The malicious user may then use the email address and the key in the GPS Spy app to track the affected phone.

This spyware may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

25,968 bytes

File Type:

Other

Memory Resident:

Yes

Initial Samples Received Date:

17 Aug 2010

Arrival Details

This spyware may be manually installed by a user.

NOTES:

Other Details

Based on analysis of the code, it has the following capabilities:

  • This malware works alongside GPS Spy.
  • It disguises itself as an Android game application.
  • A malicious user may physically install this application on a targeted phone by downloading it from the Android Market.
  • The malicious user must register the application by entering an email address and a key, which the malicious user then uses to track the affected phone with the GPS Spy app.
  • It then retrieves the current GPS coordinates of the affected phone and sends them via HTTP POST to the following address: http://{BLOCKED}apoints.appspot.com/addPoint?email=%_email_%&code=%_key_%&time=%_currenttime_%&lat=%_latitudecoordinate_%&lng=%_longitudecoordinate_%&pro=%_provider_%&acc=%_accuracy_%
  • The malicious user may then use the email address and the key in the GPS Spy app to track the affected phone.
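
The check below is an added example, not part of the original write-up or of any Trend Micro tooling: it flags proxy-log entries whose method, host suffix, path and parameter names match the upload URL listed above. The log format, the sample lines and the "redacted" host prefix are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Visible (unredacted) tail of the host in the write-up; the prefix is blocked there.
HOST_SUFFIX = "apoints.appspot.com"
BEACON_PATH = "/addPoint"
# Parameter names taken from the URL template in the write-up.
BEACON_PARAMS = {"email", "code", "time", "lat", "lng", "pro", "acc"}


def is_location_beacon(method, url):
    """True if the request has the shape of the GPS upload described above."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if method.upper() != "POST" or not host.endswith(HOST_SUFFIX):
        return False
    if parts.path != BEACON_PATH:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return BEACON_PARAMS.issubset(params)


def scan(log_lines):
    """Return (client, email, lat, lng) for each matching log line.

    Assumed (hypothetical) log format: '<timestamp> <client_ip> <METHOD> <url>'.
    """
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, method, url = fields
        if is_location_beacon(method, url):
            q = parse_qs(urlsplit(url).query, keep_blank_values=True)
            hits.append((client, q["email"][0], q["lat"][0], q["lng"][0]))
    return hits


# Constructed sample lines; the host prefix "redacted" is a placeholder.
SAMPLE_LOG = [
    "2011-06-13T10:00:01Z 10.0.0.21 POST http://redactedapoints.appspot.com/addPoint"
    "?email=a%40example.com&code=k1&time=1307959201&lat=14.58&lng=121.06&pro=gps&acc=12.0",
    "2011-06-13T10:00:05Z 10.0.0.22 GET http://redactedapoints.appspot.com/addPoint?email=b%40example.com",
    "2011-06-13T10:00:09Z 10.0.0.23 POST http://maps.example.com/addPoint?lat=1&lng=2",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Each hit identifies the reporting device's client address and the registered email address, which is the value that ties an upload to a specific GPS Spy account.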

  SOLUTION

Minimum Scan Engine:

8.900

TMMS Pattern File:

1.105.00

TMMS Pattern Date:

13 Jun 2011

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device
