ANDROIDOS_CITMO.A

 Analysis by: Veo Zhang

 THREAT SUBTYPE:

Information Stealer, Spying Tool

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Via app stores


This Android malware may be downloaded in Google Play assuming several app names.

It checks if an SMS message is sent from a number listed in a reference text file. If the number is included in the file, it hides the SMS message from the user. It uploads the hidden SMS messages (including those with bank authentication codes) to a remote server.

  TECHNICAL DETAILS

File Size:

226,368 bytes

File Type:

APK

Memory Resident:

Yes

Initial Samples Received Date:

19 Dec 2012

Payload:

Steals information

NOTES:

The malware may be downloaded in Google Play under the following names:

  • VkSafe
  • SberSafe
  • AlfaSafe

It receives remote commands from the following URL(s):

  • http://{BLOCKED}ska.com/m/fo125kepro

The malware checks if na SMS message was sent from a number listed in the file HIDE.TXT. If the number is included in the file, it hides the SMS message from the user. It uploads the hidden SMS messages (including those with bank authentication codes) to a remote server.

  SOLUTION

Minimum Scan Engine:

9.300

TMMS Pattern File:

1.371.00

TMMS Pattern Date:

21 Dec 2012

Step 1

Remove unwanted apps on your Android mobile device

[ Learn More ]

Step 2

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.


Did this description help? Tell us how we did.