Skip to content

Export page to PDF
ANDROIDOS_SMSBOXER.AB

Overview


Infection Channel: Downloaded from the Internet

This malware can be downloaded from fake site that imitates Google Play, formerly known as the Android Market.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan is capable of sending text messages. It first checks the country code and operator code of the affected device. After sending the text message, it then opens a certain site.

This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be manually installed by a user.

Technical Details


File size: 2,310,014 bytes
File type: APK
Initial samples received date: 14 Mar 2012
Payload: Sends messages

Arrival Details

This Trojan may be downloaded by other malware/grayware/spyware from remote sites.

It may be manually installed by a user.

NOTES:

It uses the following icon:

When the application is executed, a user may encounter the following error:

Once installed, this application has the following permissions:

It is capable of sending text messages.

It first checks the country code and operator code of the affected device. If the operator code is 25002, it shows a progress bar with the following text for 6 seconds:

"Click Ok to start sending text message."

Otherwise, it sends the text message directly. The message contains the following text:

{prefix}+5069+2+p+a

Where {prefix} can be determined by the following table:

After sending the text message, it then opens the following site:

  • http://{BLOCKED}oogle.ru/Google_Play.apk

Solution


Minimum scan engine: 9.200
Trend Micro Mobile Security Pattern Version: 1.199.00
Trend Micro Mobile Security Pattern Release Date: 15 Mar 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn more ]

Did this description help? Tell us how we did.
Analysis By: Roland Marco Dela Paz

Connect with us on