HTML_ANDRSOPEXP.A
Information Stealer
Android OS
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This threat is related to attacks that used Android Same Origin Policy (SOP) vulnerability to target Facebook users.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This Trojan takes advantage of software vulnerabilities to propagate across networks.
TECHNICAL DETAILS
Propagation
This Trojan takes advantage of the following software vulnerabilities to propagate across networks:
Information Theft
This Trojan sends the gathered information to the following site/s using credentials from its configuration file:
- http://{BLOCKED}forchristmas.website/walmart/j/index.php?cid=544fba6ac6988&access_token=' + token;
NOTES:
This Android malware does the following:
- Automatically follow contacts in Facebook
- Automatically likes apps in Facebook
- Modify user's subscription information
- Authorize another user to access affected user's information such as friends list, likes, friends' likes, basic info, etc.
SOLUTION
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Did this description help? Tell us how we did.