ANDROIDOS_PLANKTON


 ALIASES:

Plangton, Counterclank, Apper, NewyearL

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Backdoor

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet, Via app stores

PLANKTON is a family of malware with backdoor capabilities. It runs on the Android operating system and arrives as repackaged versions of legitimate Android apps.

Apart from its backdoor capabilities, it steals information such as the following:

  • Android version

  • Brand

  • Device ID (IMEI)

  • Manufacturer

  • Model

  • SDK version

This backdoor may be manually installed by a user.

  TECHNICAL DETAILS

Payload:

Steals information, Connects to URLs/IPs

Arrival Details

This backdoor may be manually installed by a user.

Other Details

This backdoor connects to the following possibly malicious URL:

  • http://www.{BLOCKED}and.com/ProtocolGW/protocol/commands