Infection Channel: Via app stores
This malware disguises itself as an app named Find and Call. It is a malicious app that uploads a user's phone book to a remote server and sends spammed SMS to the user's contact list.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This malware may arrive as a normal app from Google Play or the App Store.
This malware has the following capabilities:
- Steal contacts data
- Collect location information by default
- Sends spammed SMS to the user's contact list
This malware has a brother build on iOS as well.
File size: 519,168 bytes
File type: APK
Initial samples received date: 09 Jul 2012
Payload: Steals information
NOTES:
This malware may arrive as a normal app from Google Play or the App Store.
It may be manually installed by a user. After installation, it displays an icon as an app named Find & Call.
Upon installation, it asks for the following permissions:
It then asks for users' email addresses and passwords to search through the users' contacts. The Find friends in a phone book instruction on the app leads the malware to upload the users' phone numbers and email addresses. The email addresses and passwords are then sent to the remote server as plain text. This may be sniffed by attackers.
The user's location information is also uploaded by default.
The app can be used normally, however, it uploads users' contact data to a server, http://{BLOCKED}nt.findandcall.com.
The information above is used to send spammed SMS by the remote server.
Connect with us on
| | | |