Infection Channel: Downloaded from the Internet
This malware pretends to be either an Instagram or Angry Birds Space application for Android phones.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This malware may arrive as a file downloaded from remote sites offering free download of the following apps:
- Instagram for Android
- Angry Birds Space
It prompts the user to allow sending of SMS messages in order to activate the downloaded application.
This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.
File size: 865,015 bytes
File type: APK
Memory resident: Yes
Initial samples received date: 16 Apr 2012
Payload: Charges users with a premium for sending SMS
Arrival Details
This Trojan may be unknowingly downloaded by a user while visiting malicious websites.
It may be downloaded from the following remote sites:
- http://{BLOCKED}android.ru
- http://{BLOCKED}space.ru
It may be manually installed by a user.
NOTES:
This malware may arrive as a file downloaded from remote sites offering free download of the following apps:
- Instagram for Android
- Angry Birds Space
It prompts the user to allow sending of SMS messages in order to activate the downloaded application. It checks the country code of the affected device. If country code is any of the following, it displays a message in Russian:
The SMS message it sends contains the following text:
75333+5570+88+p+a
It may send the SMS message to any of the following numbers, which in turn charges affected users according to the respective number's rate:
After sending the message, it gives the user the following links to make it appear that the user has already activated the app:
- http://{BLOCKED}o.ru/apk/com.instagram.android_1.0.3.apk
- http://top.{BLOCKED}le.ru/files/anmini.apk
Connect with us on
| | | |