ANDROIDOS_ACCLEAKER.HBT
Information Stealer
Android OS
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
Via app stores
These malicious apps are found to gather account information from users' devices, including Google, Facebook, and Twitter account details. These apps use various social engineering techniques in order to appear legitimate on Google Play. As of this writing, the apps are still available on Google Play.
TECHNICAL DETAILS
894988 bytes
APK
Yes
21 Jan 2014
Collects system information
NOTES:
This malware appears as several apps on Google Play.
The app names are: "Sexy Girls Video Hot Photo", "Arkadas Sevgili Bul SevgiLand", "Buscar Amigo Amor", "Scare Them! Funny Scary Joke". The apps have been downloaded and installed on more than 50,000 Android devices.
When users launch the app and unknowingly click the only image in it, the app gathers the following account information:
- Google account names
- Facebook user names
- Twitter user name
It sends the information to the following remote servers:
- http://{BLOCKED}.{BLOCKED}.71.142/s/s2.php?apptype=SPV1&email=
- http://www.{BLOCKED}ideoapp.com/sg/sg.php?email=
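A defender-side check for the traffic described above, as an added example that is not part of the original entry: it scans web proxy log lines for the two request shapes listed and extracts the account names carried in the `email` parameter. The log layout, hosts, client addresses and account values are constructed for illustration; the entry redacts the real hosts, so matching is on path and query only, and the comma-separated form in the second sample line is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request shapes taken from the two URLs in this entry (hosts are redacted there).
EXFIL_SHAPES = [
    ("/s/s2.php", {"apptype": "SPV1"}),
    ("/sg/sg.php", {}),
]
ACCOUNT_RE = re.compile(r"[^@\s,;]+@[^@\s,;]+\.[A-Za-z]{2,}")

def match_exfil(url):
    """Return account-like values sent in `email=`, or None if the URL does not match."""
    parts = urlsplit(url)
    # parse_qs percent-decodes values, so `%40` and a literal `@` are treated alike.
    query = parse_qs(parts.query, keep_blank_values=True)
    if "email" not in query:
        return None
    for path, required in EXFIL_SHAPES:
        if parts.path.lower() == path and all(
            value in query.get(key, []) for key, value in required.items()
        ):
            return ACCOUNT_RE.findall(" ".join(query["email"]))
    return None

# Constructed proxy log: timestamp, client, method, URL, status.
SAMPLE_LOG = """\
2014-01-22T09:14:03Z 10.0.8.21 GET http://c2.example.test/s/s2.php?apptype=SPV1&email=alice%40example.com 200
2014-01-22T09:14:05Z 10.0.8.21 GET http://video.example.test/sg/sg.php?email=bob@example.org,carol@example.net 200
2014-01-22T09:15:40Z 10.0.8.33 GET http://shop.example.test/login.php?email=dave@example.com 200
"""

def scan(log_text):
    """Return one record per log line whose URL matches a known request shape."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        timestamp, client, _method, url = fields[:4]
        leaked = match_exfil(url)
        if leaked is not None:
            hits.append({"time": timestamp, "client": client,
                         "host": urlsplit(url).hostname, "accounts": leaked})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A match with an empty account list still identifies a device making the request; the accounts list shows which credentials to treat as exposed.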
Below are code screenshots of the malware behavior.
SOLUTION
9.700
1.711.00
11 Apr 2014
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.