This adware connects to a certain URL in order to send information and receive commands. This may result in the phone's security being compromised.
To get a one-glance comprehensive view of the behavior of this Adware, refer to the Threat Diagram shown below.

This application is called Sexy Ladies-2, which is a puzzle game. Upon execution, it starts a service called Android SDK Provider.
This adware may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.
File size: 4,727,853 bytes
File type: APK
Memory resident: Yes
Initial samples received date: 26 Jan 2012
Payload: Steals information
Arrival Details
This adware may be unknowingly downloaded by a user while visiting malicious websites.
It may be manually installed by a user.
NOTES:
The application is called Sexy Ladies-2, which is a puzzle game. Upon execution, it starts a service called Android SDK Provider.
It may connect to the following C&C server and send details regarding the infected device:
- http://www.{BLOCKED}and.com/ProtocolGW/protocol/commands
The device details include the following:
- Android version
- Brand
- Device
- Device ID (IMEI)
- Display metrics
- Locale
- Manufacturer
- Model
- SDK version
It waits for the following commands from the server:
- /activate
- /bookmarks
- /homepage
- /info
- /notifications
- /optout
- /shortcuts
- /terminate
It has the capability to do the following routines:
- Get / set bookmarks
- Get / set homepage of the browser
- Get / set notification link, title, icon and text
- Set / get shortcuts
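The following Python sketch is an added example, not part of the original write-up: it scans web-proxy logs for requests to the C&C path listed above and groups hits by client, so infected handsets can be located on a network. The log layout, the `.example` hosts, the query parameter and all sample lines are assumptions constructed for illustration; the host is redacted on this page, so the match is on the path only.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Path taken from the C&C URL on this page; the host is redacted there,
# so matching is done on the path alone, for any host.
CNC_PATH = "/ProtocolGW/protocol/commands"

# Assumed log layout (hypothetical): "<ISO time> <client IP> <METHOD> <URL> <status>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")

# Constructed sample lines; hosts use the reserved .example TLD.
SAMPLE_LOG = """\
2012-01-27T09:14:02Z 10.0.8.21 POST http://www.cnc-placeholder.example/ProtocolGW/protocol/commands 200
2012-01-27T09:14:40Z 10.0.8.35 GET http://news.example/index.html 200
2012-01-27T09:44:05Z 10.0.8.21 POST http://www.cnc-placeholder.example/ProtocolGW/protocol/commands?v=1 200
2012-01-27T10:02:11Z 10.0.8.77 GET http://docs.example/ProtocolGW/protocol/commands.html 404
this line is malformed and must be skipped
2012-01-27T10:30:00Z 10.0.8.90 POST http://other-placeholder.example/protocolgw/protocol/commands/ 200
"""

def is_cnc_request(url):
    """True when the URL path equals the reported C&C path (case-insensitive,
    ignoring query string and a trailing slash)."""
    path = urlsplit(url).path.rstrip("/")
    return path.lower() == CNC_PATH.lower()

def find_suspect_clients(log_text):
    """Return {client_ip: {"hits", "first_seen", "last_seen", "hosts"}}."""
    suspects = defaultdict(lambda: {"hits": 0, "first_seen": None,
                                    "last_seen": None, "hosts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, _method, url, _status = m.groups()
        if not is_cnc_request(url):
            continue
        rec = suspects[client]
        rec["hits"] += 1
        rec["first_seen"] = rec["first_seen"] or ts
        rec["last_seen"] = ts
        rec["hosts"].add(urlsplit(url).hostname)
    return dict(suspects)

if __name__ == "__main__":
    for ip, rec in sorted(find_suspect_clients(SAMPLE_LOG).items()):
        print(ip, rec["hits"], rec["first_seen"], rec["last_seen"], sorted(rec["hosts"]))
```

Repeated hits from the same client at regular intervals are consistent with the persistent Android SDK Provider service described above polling for commands.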