Attempts to send
text messages containing the string “798657” to premium-rate numbers using
the infected device’s current default SMS Center (SMSC) by exploiting the
Permissions function (android.permission.SEND_SMS).
Upon further analysis, however, it failed to successfully run due to
ANDROIDOS_DROISNAKE.A (aka Tap Snake)
Capable of sending
an affected user’s GPS location via HTTP POST upon acceptance of its end-
user license agreement (EULA).
Opens several ports
and connects to specific URLs to receive and execute commands from a remote
user. These commands allow the remote user to gather specific information and
system properties from the infected device.
like International Mobile Equipment Identity (IMEI) and International Mobile
Subscriber Identity (IMSI) numbers from infected systems, which is then sent
to a specific site. It also downloads an updated copy of itself when executed.
ANDROIDOS_LOTOOR.A (aka fake Falling Down)
specific sites to send and receive information from a remote user. It steals
information like ClientInfo as well as IMEI and IMSI numbers from infected
devices. It also downloads other malicious apps onto the infected devices.
ANDROIDOS_BGSERV.A (aka fake Android Market Security Tool)
from an infected device, which is then sent to a remote user. It also intercepts
sent and received text messages and calls as well as downloads files and videos.
all incoming text messages to a remote user.
Attempts to send
text messages to premium-rate numbers.
infected device’s GPS location, text and email messages, as well as calls. It
also gives a remote user the capability to remotely listen to an affected
user’s calls and to control an infected device via SMS.