This Trojan has a certain service which enables itself to automatically start at boot. It connects to a remote site to get premium-rate numbers where it will send a message to. The IMSI and location of the affected phone are also sent by this malware a remote site.
This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.
File size: 737,838 bytes
File type: DEX
Memory resident: No
Initial samples received date: 03 Aug 2011
Payload: Sends messages to premium rate numbers
Arrival Details
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
It may be manually installed by a user.
NOTES:
It has the following service which enables itself to automatically start at boot:
It connects to the following remote site to get premium-rate numbers where it will send a message to. The IMSI and location of the affected phone are also sent by this malware to the following remote site:
- www.{BLOCKED}re.com/careu/positionrecorder.asmx/
- www.{BLOCKED}re.com/careu/VAD.asmx/
As of this writing, the premium-rate numbers retrieved by the malware are as follows:
- {BLOCKED}690102
- {BLOCKED}760000
The message to be sent is the following:
ax360
Connect with us on
| | | |