ANDROIDOS_DORDRAE.M
Malware type: Trojan
Threat sub-type: Information Stealer, Malicious Downloader
Destructive: No
Platform: Android OS
Encrypted: Yes
In the wild: Yes

Overview


This malware variant is related to the Android malware DroidDreamLight, which steals mobile-specific data. The detected files are Trojanized Android applications that were hosted in the Android Market and infected almost a hundred users before they were pulled.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

The malware service AppUseService runs every time the call state of the affected device changes. It then gathers certain information and sends it to remote servers.

Based on analysis of its code, this Trojan can also receive notification messages to display and download links from the said sites. It uses the notifications to trick users into downloading and installing the applications hosted at the links.

This Trojan may be manually installed by a user.

Technical Details


File size: 114,410 bytes
File type: APK
Memory resident: No
Initial samples received date: 18 Aug 2011
Payload: Steals information, Compromises system security

Arrival Details

This Trojan may be manually installed by a user.

This malware arrives via the following means:

  • Via Trojanized Android applications

NOTES:

The malware service AppUseService runs every time the call state of the affected device changes.

It then gathers the following information:

  • Country
  • Device model
  • Device language setting
  • IMEI
  • IMSI
  • Installed applications (application name, package name, package version)

It sends this information to the following remote servers:

  • http://{BLOCKED}5a.com/lsda.jsp
  • http://{BLOCKED}j5.com/pqwo.jsp
  • http://{BLOCKED}8m.com/ijnh.jsp

Based on analysis of its code, this Trojan can also receive notification messages to display and download links from the said sites. It uses the notifications to trick users into downloading and installing the applications hosted at the links.

Solution


Minimum scan engine: 8.900
Trend Micro Mobile Security Pattern Version: 1.127.00
Trend Micro Mobile Security Pattern Release Date: 22 Aug 2011

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

Analysis By: Karl Dominguez