ANDROIDOS_SMSBOXER.A

This malware pretends to be either an Instagram or Angry Birds Space application for Android phones.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This malware may arrive as a file downloaded from remote sites offering free download of the following apps:

• Instagram for Android
• Angry Birds Space

It prompts the user to allow sending of SMS messages in order to activate the downloaded application.

This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

It may be downloaded from the following remote sites:

• http://{BLOCKED}android.ru
• http://{BLOCKED}space.ru

It may be manually installed by a user.

NOTES:

This malware may arrive as a file downloaded from remote sites offering free download of the following apps:

• Instagram for Android
• Angry Birds Space

It prompts the user to allow sending of SMS messages in order to activate the downloaded application. It checks the country code of the affected device. If country code is any of the following, it displays a message in Russian:

• 250
• 255
• 401

The SMS message it sends contains the following text:

75333+5570+88+p+a

It may send the SMS message to any of the following numbers, which in turn charges affected users according to the respective number's rate:

• 2855
• 3855
• 7151
• 8151

After sending the message, it gives the user the following links to make it appear that the user has already activated the app:

• http://{BLOCKED}o.ru/apk/com.instagram.android_1.0.3.apk
• http://top.{BLOCKED}le.ru/files/anmini.apk