This malicious app received widespread media attention in Japan. It steals affected users' contact information and sends the stolen data to a server.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan may be manually installed by a user.
It sends the information it gathers to remote sites.
File size: 32768 bytes
File type: APK
Memory resident: Yes
Payload: Steals information
Arrival Details
This Trojan may be manually installed by a user.
Information Theft
This Trojan sends the information it gathers to remote sites.
NOTES:
Upon installation, the malicious app appears on the home screen as a legitimate battery saving app.
It asks for the following permissions:
Examination of the app's decompiled code confirms its malicious routines:
It queries the affected user's contact information and sends it to remote servers through HTTP POST.
It may arrive using the following package names and be installed as the following applications:
| App Label | Package Name |
| --- | --- |
| 電池長持ち | com.mmmm.batterylong |
| 電池長持ち(無料着うたダウンローダー) | com.mmmm.bl |
| 電波改善 | com.mmmm.bl |
| スマソーラー | jp.fw.solar_s006 |
| app電話帳リーダー | my.testApp.getContact |
| Power Charge | com.appz.solf |
| 電波改善(通話無料) | freetalkn.all.free |
| Solar Charge | net.appzg |
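Because the same routine ships under several package names, a name match alone is brittle. The following triage sketch is an added example, not code from the original write-up: it checks a decoded AndroidManifest.xml against the package names in the table above and against the permission pair that the described behavior (reading contacts, posting them over HTTP) requires. The function name `triage_manifest`, the sample manifests, and the choice of permission pair are assumptions, since the page's own permission list is not shown.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Package names listed in the table above.
KNOWN_PACKAGES = {
    "com.mmmm.batterylong", "com.mmmm.bl", "jp.fw.solar_s006",
    "my.testApp.getContact", "com.appz.solf", "freetalkn.all.free", "net.appzg",
}
# Assumption: reading contacts and posting them over HTTP needs at least these two.
EXFIL_PAIR = {"android.permission.READ_CONTACTS", "android.permission.INTERNET"}


def triage_manifest(manifest_xml: str) -> dict:
    """Return package, requested permissions and the reasons it was flagged."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    perms = {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }
    reasons = []
    if package in KNOWN_PACKAGES:
        reasons.append("known-package")
    if EXFIL_PAIR <= perms:
        reasons.append("contacts+internet")
    return {"package": package, "permissions": sorted(perms), "reasons": reasons}


# Constructed sample manifests (decoded text form, not taken from real samples).
SAMPLE_LISTED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.mmmm.batterylong">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Same permissions under a hypothetical package name that is not in the table.
SAMPLE_REPACKAGED = SAMPLE_LISTED.replace("com.mmmm.batterylong", "com.example.saver")

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.clock">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_LISTED, SAMPLE_REPACKAGED, SAMPLE_BENIGN):
        print(triage_manifest(sample))
```

The permission pair also matches many legitimate apps, so treat it as a prompt for review when the app presents itself as a battery or signal utility, not as a verdict.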