This Android malware is noteworthy because it specifically targets China Mobile subscribers.
For a one-glance overview of this backdoor's behavior, refer to the Threat Diagram shown below.

This malware downloads an updated copy of itself from a certain website(s).
It stays resident in memory as a service. It can terminate processes specified by a remote user.
It steals certain information from the device and/or the user.
This backdoor connects to a website to send and receive information.
As of this writing, the said sites are inaccessible.
File size: 36,873 bytes
File type: Other
Memory resident: Yes
Initial samples received date: 07 May 2011
Payload: Terminates processes, Downloads files, Steals information
Arrival Details
This malware arrives via the following means:
Installation
This backdoor drops the following component file(s):
- \sdcard\Tencent\v1.log
- \sdcard\Tencent\smsConfig.xml
It creates the following folders:
Backdoor Routine
This backdoor connects to the following websites to send and receive information:
- http://{BLOCKED}ms.{BLOCKED}do.cn/Submit.aspx?ver=1.0&sys=%SDKversion%&imei=%IMEI%&ua=%phonemodel%&pro=100, 1000
Download Routine
This backdoor downloads an updated copy of itself from the following website(s):
- http://{BLOCKED}.{BLOCKED}.109.77/testing/1.apk
As of this writing, the said sites are inaccessible.
NOTES:
Information Theft
This backdoor steals the following information:
- IMEI
- Phone model
- SDK version
Other Details
This malware stays resident in memory as a service. It can terminate processes specified by a remote user.
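The check-in URL in the Backdoor Routine and the stolen fields listed under Information Theft give a defender a concrete network signature. The following is an added detection example (not part of this encyclopedia entry); it scans constructed proxy log lines for the Submit.aspx beacon and the APK update download, and extracts the exfiltrated IMEI, phone model and SDK version. The host names and IP address are placeholders, and treating "pro=100, 1000" as meaning the parameter takes the value 100 or 1000 is an assumption.

```python
from urllib.parse import urlparse, parse_qs

# Query keys carried by the Submit.aspx beacon described on this page.
BEACON_KEYS = {"ver", "sys", "imei", "ua", "pro"}
# Assumption: the page's "pro=100, 1000" means the value is 100 or 1000.
BEACON_PRO_VALUES = {"100", "1000"}


def match_beacon(url):
    """Return the exfiltrated fields if `url` matches the backdoor's
    Submit.aspx check-in, otherwise None."""
    parsed = urlparse(url)
    if not parsed.path.lower().endswith("/submit.aspx"):
        return None
    qs = parse_qs(parsed.query, keep_blank_values=True)
    if not BEACON_KEYS.issubset(qs):
        return None
    if qs["pro"][0].strip() not in BEACON_PRO_VALUES:
        return None
    return {
        "host": parsed.hostname,
        "client_version": qs["ver"][0],
        "sdk_version": qs["sys"][0],     # %SDKversion%
        "imei": qs["imei"][0],           # %IMEI%
        "phone_model": qs["ua"][0],      # %phonemodel%
        "pro": qs["pro"][0].strip(),
    }


def match_update_download(url):
    """True if `url` matches the self-update download path from this page."""
    parsed = urlparse(url)
    return parsed.scheme == "http" and parsed.path.endswith("/testing/1.apk")


# Constructed sample proxy log: "<timestamp> <client-ip> <method> <url>".
# Hosts/IPs are placeholders, not the blocked values from the page.
SAMPLE_LOG = """\
2011-05-07T10:01:02 10.0.0.5 GET http://c2.blocked.invalid/Submit.aspx?ver=1.0&sys=2.2&imei=123456789012345&ua=HTC%20Desire&pro=100
2011-05-07T10:01:09 10.0.0.5 GET http://203.0.113.10/testing/1.apk
2011-05-07T10:02:30 10.0.0.6 GET http://www.example.com/Submit.aspx?form=contact
"""


def scan_log(text):
    """Return (timestamp, client, label, details) for each matching line."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, _method, url = parts[:4]
        fields = match_beacon(url)
        if fields:
            hits.append((ts, client, "c2-checkin", fields))
        elif match_update_download(url):
            hits.append((ts, client, "apk-update-download", {"url": url}))
    return hits
```

Each "c2-checkin" hit identifies the infected client and the device identifiers it leaked; the Submit.aspx path alone is not specific enough, so the full parameter set is required.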