ANDROIDOS_SMSBOXER.AB

 Analysis by: Roland Marco Dela Paz

 THREAT SUBTYPE:

Spying Tool

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet


This malware can be downloaded from a fake site that imitates Google Play, formerly known as the Android Market.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan is capable of sending text messages. It first checks the country code and operator code of the affected device. After sending the text message, it then opens a certain site.

This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

2,310,014 bytes

File Type:

APK

Initial Samples Received Date:

14 Mar 2012

Payload:

Sends messages

Arrival Details

This Trojan may be downloaded by other malware/grayware/spyware from remote sites.

It may be manually installed by a user.

NOTES:

It uses the following icon:

When the application is executed, a user may encounter the following error:

Once installed, this application has the following permissions:

It is capable of sending text messages.

It first checks the country code and operator code of the affected device. If the operator code is 25002, it shows a progress bar with the following text for 6 seconds:

"Click Ok to start sending text message."

Otherwise, it sends the text message directly. The message contains the following text:

{prefix}+5069+2+p+a

Where {prefix} can be determined by the following table:

After sending the text message, it then opens the following site:

  • http://{BLOCKED}oogle.ru/Google_Play.apk

  SOLUTION

Minimum Scan Engine:

9.200

TMMS Pattern File:

1.199.00

TMMS Pattern Date:

15 Mar 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device
