Skip to content

Export page to PDF
ANDROIDOS_ADRD.A
Aliases: Trojan:Android/Adrd.A (F-Secure)
Malware type: Backdoor
Threat sub-type: Information Stealer, Click Fraud, Malicious Downloader
Destructive: No
Platform: Android OS
Encrypted: No
In the wild: Yes

Overview


This Trojan uses social engineering methods to lure users into performing certain actions that may, directly or indirectly, cause malicious routines to be performed. Specifically, it conceals itself as a legitimate wallpaper application.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

This malware conceals itself as a legitimate wallpaper application. It gathers information from affected device. It then sends the said information to a specific website.It also downloads an updated component from a certain URL. Based on its behavior, the purpose of this Trojan is click fraud, which in turn may lead to increased and expensive data charges.

This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

Technical Details


File size: 1,659,365 bytes
File type: Other
Memory resident: Yes
Initial samples received date: 16 Feb 2011
Payload: Downloads files, Steals information

Arrival Details

This backdoor may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

Other Details

This backdoor does the following:

  • Conceals itself as a legitimate wallpaper application.
  • Gathers the following information from affected device:
    • IMEI
    • IMSI
    • Access Point Name (cmnet, 3gwap, 3gnet, uniwap, uninet)
    • Local Date
  • Sends the said information to the following website:
    • http://adrd.{BLOCKED}b.com/pic.aspx?im=
  • Waits for certain reply from the servers. Based on its code, the reply may contain strings to be used to execute a search using http://wap.{BLOCKED}u.com.
  • Downloads an updated component from the following site:
    • http://adrd.{BLOCKED}n.net/index.aspx?im=
    The downloaded file is saved as /sdcard/uc/myupdate.apk.
  • Re-executes itself during any of the following instances:
    • When the device receives a phone call
    • During phone start-up
    • Whenever a new network connection is started

NOTES:
This Trojan arrives bundled with legitimate but Trojanized applications. Based on its behavior, its purpose is click fraud, which in turn may lead to increased and expensive data charges.

Solution


Minimum scan engine: 8.900
Trend Micro Mobile Security Pattern Version: 1.105.00
Trend Micro Mobile Security Pattern Release Date: 13 Jun 2011

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn more ]

Did this description help? Tell us how we did.

Connect with us on