Analysis by: Kevin Sun

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

AndroidOS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan bears the file icons of certain applications to avoid easy detection and consequent removal.

  TECHNICAL DETAILS

File Size: 1421416 bytes
Memory Resident: Yes

Installation

This Trojan bears the file icons of the following applications:

  • HGS

Mobile Malware Routine

This Trojan also steals the following information from the affected device:

  • bank information & SMS

It sends the gathered information via HTTP POST to the following URL(s):

  • http://{BLOCKED}avm100.tk

  SOLUTION

Minimum Scan Engine: 9.850

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:

Step 2

Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_FAKEBANK.AXMFA. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.