Skip to content

Export page to PDF
ANDROIDOS_ADSMS.A

Overview


This malware is noteworthy as it is an Android malware that specifically targets China Mobile subscribers.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

This malware downloads an updated copy of itself from a certain website(s).

It stays in the memory as a service. It is capable of terminating processes provided by a remote user.

It steals certain information from the system and/or the user.

This backdoor connects to a website to send and receive information.

As of this writing, the said sites are inaccessible.

Technical Details


File size: 36,873 bytes
File type: Other
Memory resident: Yes
Initial samples received date: 07 May 2011
Payload: Terminates processes, Downloads files, Steals information

Arrival Details

This malware arrives via the following means:

  • SMS

Installation

This backdoor drops the following component file(s):

  • \sdcard\Tencent\v1.log
  • \sdcard\Tencent\smsConfig.xml

It creates the following folders:

  • \sdcard\Tencent

Backdoor Routine

This backdoor connects to the following websites to send and receive information:

  • http://{BLOCKED}ms.{BLOCKED}do.cn/Submit.aspx?ver=1.0&sys=%SDKversion%&imei=%IMEI%&ua=%phonemodel%&pro=100, 1000

Download Routine

This backdoor downloads an updated copy of itself from the following website(s):

  • http://{BLOCKED}.{BLOCKED}.109.77/testing/1.apk

As of this writing, the said sites are inaccessible.

NOTES:

Information Theft

This Trojan steals the following information:

  • IMEI
  • Phone model
  • SDK version

Other Details

This malware stays in the memory as a service. It is capable of terminating processes provided by a remote user.

Solution


Minimum scan engine: 8.900
Trend Micro Mobile Security Pattern Version: 1.105.00
Trend Micro Mobile Security Pattern Release Date: 13 Jun 2011

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn more ]

Did this description help? Tell us how we did.
Analysis By: Karl Dominguez

Connect with us on