Skip to content

Threat Encyclopedia
Export page to PDF
ANDROIDOS_CITMO.A
Malware type: Trojan
Threat sub-type: Information Stealer, Spying Tool
Destructive: No
Platform: Android OS
In the wild: Yes

Overview


Infection Channel: Via app stores

This Android malware may be downloaded in Google Play assuming several app names.

It checks if an SMS message is sent from a number listed in a reference text file. If the number is included in the file, it hides the SMS message from the user. It uploads the hidden SMS messages (including those with bank authentication codes) to a remote server.

Technical Details


File size: 226,368 bytes
File type: APK
Memory resident: Yes
Initial samples received date: 19 Dec 2012
Payload: Steals information

NOTES:

The malware may be downloaded in Google Play under the following names:

  • VkSafe
  • SberSafe
  • AlfaSafe

It receives remote commands from the following URL(s):

  • http://{BLOCKED}ska.com/m/fo125kepro

The malware checks if na SMS message was sent from a number listed in the file HIDE.TXT. If the number is included in the file, it hides the SMS message from the user. It uploads the hidden SMS messages (including those with bank authentication codes) to a remote server.

Solution


Minimum scan engine: 9.300
Trend Micro Mobile Security Pattern Version: 1.371.00
Trend Micro Mobile Security Pattern Release Date: 21 Dec 2012

Step 1

Remove unwanted apps on your Android mobile device

[ Learn more ]

Step 2

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.


Did this description help? Tell us how we did.
Analysis By: Veo Zhang

Connect with us on