Skip to content

Export page to PDF
ANDROIDOS_SMSBOXER.A
Aliases: Android/TrojanSMS.Boxer.BE (Nod32)
Malware type: Trojan
Threat sub-type: Premium Service Abuser
Destructive: No
Platform: Android OS
Encrypted: No
In the wild: Yes

Overview


Infection Channel: Downloaded from the Internet

This malware pretends to be either an Instagram or Angry Birds Space application for Android phones.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This malware may arrive as a file downloaded from remote sites offering free download of the following apps:

  • Instagram for Android
  • Angry Birds Space

It prompts the user to allow sending of SMS messages in order to activate the downloaded application.

This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

Technical Details


File size: 865,015 bytes
File type: APK
Memory resident: Yes
Initial samples received date: 16 Apr 2012
Payload: Charges users with a premium for sending SMS

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

It may be downloaded from the following remote sites:

  • http://{BLOCKED}android.ru
  • http://{BLOCKED}space.ru

It may be manually installed by a user.

NOTES:

This malware may arrive as a file downloaded from remote sites offering free download of the following apps:

  • Instagram for Android
  • Angry Birds Space

It prompts the user to allow sending of SMS messages in order to activate the downloaded application. It checks the country code of the affected device. If country code is any of the following, it displays a message in Russian:

  • 250
  • 255
  • 401

The SMS message it sends contains the following text:

75333+5570+88+p+a

It may send the SMS message to any of the following numbers, which in turn charges affected users according to the respective number's rate:

  • 2855
  • 3855
  • 7151
  • 8151

After sending the message, it gives the user the following links to make it appear that the user has already activated the app:

  • http://{BLOCKED}o.ru/apk/com.instagram.android_1.0.3.apk
  • http://top.{BLOCKED}le.ru/files/anmini.apk

Solution


Minimum scan engine: 9.200
Trend Micro Mobile Security Pattern Version: 1.221.00
Trend Micro Mobile Security Pattern Release Date: 17 Apr 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn more ]

Did this description help? Tell us how we did.
Analysis By: Kathleen Notario

Connect with us on