This Android malware, known as DroidDreamLight, steals mobile-specific data.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This is Trend Micro's detection for Trojanized Android applications. While the legitimate software runs, it silently executes malicious code in the background. Upon executing the affected application, the malware starts by gathering information. It sends data via HTTP POST to the servers encrypted in the file prefer.dat. As of this writing, the said servers are currently inaccessible.
This Trojan may be manually installed by a user.
File size: 144,064 bytes
File type: DEX
Memory resident: Yes
Initial samples received date: 01 Jun 2011
Payload: Steals information
Arrival Details
This Trojan may be manually installed by a user.
This malware arrives via the following means:
- It comes bundled with downloadable Android applications
NOTES:
This is Trend Micro's detection for Trojanized Android applications. While the legitimate software runs, it silently executes malicious code in the background. Upon executing the affected application, the malware starts by gathering the following information:
- Protocol
- Model
- Language
- Country
- IMEI
- IMSI
- OS Version
- Edition
- Product ID
It sends these data via HTTP POST to the servers encrypted in the file prefer.dat:
- http://{BLOCKED}o.com/zpmq.jsp
- http://{BLOCKED}6.com/owxnf.jsp
- http://{BLOCKED}k.com/bksy.jsp
As of this writing, the said servers are currently inaccessible.
Connect with us on
| | | |