ANDROIDOS_OPFAKE.CTD
Premium Service Abuser
Android OS
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This is the malware associated with the fake WhatsApp notification. Once users click on the Play button in the said email, they are lead to a multi-platform malware that can execute on Windows, iOS, and Android devices.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This trojanized app tricks the user of the affected device into downloading more malicious apps by purporting itself to be a legitimate browser app.
TECHNICAL DETAILS
NOTES:
It may be downloaded from the following remote sites:
- http://{BLOCKED}-update-client.my-vip-life.ru
Once started, the malicious app opens an .HTML file bundled with it.
If the user clicks on the Agree button, the trojanized app then sends several SMS to a list of phone numbers. It then opens another .HTML file to ask the user to download an app from http://{BLOCKED}ss.net/?u=1083o5i9uf0926z9zd0qc.
The downloaded app may result in more malicious routines being exhibited in the affected system.
SOLUTION
Step 1
Remove unwanted apps on your Android mobile device
Step 2
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Did this description help? Tell us how we did.