ANDROIDOS_DROISNAKE.A

Trend Micro has flagged this spyware as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. Specifically, it runs on mobile phones with Android operating system.

To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below.

This malware works alongside GPS Spy. It disguises as an Android game application.

A malicious user may physically install this application by downloading it using the Android Market on a targeted phone.

However, the malicious user must register the application by entering an email address and a key that the malicious user uses in order to track the affected phone using GPS Spy app.

It then retrieves the current GPS coordinate of the affected phone and sends it via HTTP Post.

The malicious user may then use the email and the key on the GPS Spy app to be able to track the affected file.

This spyware may be manually installed by a user.

Arrival Details

This spyware may be manually installed by a user.

NOTES:

Other Details

Based on analysis of the codes, it has the following capabilities:

• This malware works alongside GPS Spy
• It disguises as an Android game application.
• A malicious user may physically install this application by downloading it using the Android Market on a targeted phone.
• The malicious user must register the application by entering an email address and a key that the malicious user uses in order to track the affected phone using GPS Spy app.
• It then retrieves the current GPS coordinate of the affected phone and sends it via HTTP Post on the following address: http://{BLOCKED}apoints.appspot.com/addPoint?email=%_email_%&code=%_key_%&time=%_currenttime_%&lat=%_latitudecoordinate_%&lng=%_longitudecoordinate_%&pro=%_provider_%&acc=%_accuracy_%
• The malicious user may then use the email and the key on the GPS Spy app to be able to track the affected file.