ANDROIDOS_ANDFRASPY.HAT

 Analysis by: Yang Yang

 THREAT SUBTYPE:

Spying Tool

 PLATFORM:

AndroidOS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Spyware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Via app stores


This spyware may be downloaded from app stores or third-party app stores.

  TECHNICAL DETAILS

File Size:

166,917 bytes

File Type:

APK

Memory Resident:

Yes

Initial Samples Received Date:

26 Jan 2014

Payload:

Connects to URLs/IPs

Arrival Details

This spyware may be downloaded from app stores or third-party app stores.

NOTES:

This malware can hijack the power button of an Android smartphone. After the power button is pressed and the screen shuts off, it can do any of the following:

  • Wait for remote control
  • Send private messages, send SMS, and delete incoming SMS
  • Monitor or block incoming calls, and send the record to a remote server
  • Send GPS locations to a remote server
  • Send the file list to a remote server
  • Delete and add APNs

The remote servers are:

  • {BLOCKED}.{BLOCKED}.208.163:6565
  • {BLOCKED}.{BLOCKED}.208.163:6365
  • helloworld00.{BLOCKED}2.org:6365
  • androidupdate.{BLOCKED}0.org:6565
  • helloworld0*.{BLOCKED}2.org:6565

  SOLUTION

Minimum Scan Engine:

9.700

Remove unwanted apps on your Android mobile device
