ANDROIDOS_PLANKTON.AB

 Analysis by: Sabrina Lei Sioting

 ALIASES:

Trojan:AndroidOS/Plankton.gen!A (Microsoft), Android.Counterclank (Symantec), Andr/NewyearL-B (Sophos), Application:Android/Counterclank.A (Fsecure), Trojan.AndroidOS.Plankton.h (Sunbelt), Andr.Plangton-12 (Clamav), Riskware/CounterClank!Android (Fortinet), Trojan.AndroidOS.Plankton (Ikarus), Android/Plankton.H trojan (Eset),

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Backdoor

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This is the Trend Micro detection for Android applications bundled with malicious code. It may connect to its C&C server and send details regarding the infected device.

This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

2,600,304 bytes

File Type:

APK

Memory Resident:

Yes

Initial Samples Received Date:

30 Jan 2012

Payload:

Steals information

Arrival Details

This backdoor may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

NOTES:

This Android malware may connect to its C&C server and send details regarding the infected device:

  • http://www.{BLOCKED}and.com/ProtocolGW/protocol/commands

The device details it sends are the following:

  • Android version
  • Brand
  • Device
  • Device ID (IMEI)
  • Display metrics
  • Locale
  • Manufacturer
  • Model
  • SDK version
It waits for the following backdoor commands from the server:

  • /activate
  • /bookmarks
  • /commandstatus
  • /homepage
  • /info
  • /notifications
  • /optout
  • /shortcuts
  • /terminate
  • /unexpectedexception

It has the capability to do the following routines:

  • Get / set homepage of the browser
  • Get / set bookmarks
  • Get / get shortcuts
  • Get / set notification link, title, icon and text

  SOLUTION

Minimum Scan Engine:

9.200

TMMS Pattern File:

1.183.00

TMMS Pattern Date:

30 Jan 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn More ]

Did this description help? Tell us how we did.

Related Malware