Where to Buy Trend Micro Products

For Home

For Small Business

1-888-762-8736
(M-F 8:00am-5:00pm CST)

For Enterprise

1-877-218-7353
(M-F 8:00am-5:00pm CST)

Not in the United States?
Select the country/language of your choice:

Asia Pacific Region

Europe

The Americas

Not in the United States?
Select the country/language of your choice:

Asia/Pacific

Europe

America

Login

For Home

For Business

For Partners

Threat Encyclopedia

ANDROIDOS_AUTOSUBSMS.A

ANALYSIS BY

Michael Cabel


THREAT SUBTYPE:

Premium Service Abuser

PLATFORM:

Android OS

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:

  • Threat Type:Trojan

  • Destructiveness:No

  • Encrypted: No

  • In the wild: Yes

OVERVIEW


This Android malware abuses premium services specially targeting China Mobile subscribers. Specifically, it includes SMS receiver that monitors SMS messsages and automatically subscribes users to premium services.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

It also monitors messages that contain certain keywords that come from numbers that starts with 10658 or 10086.

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

TECHNICAL DETAILS

File Size:

Varies

File Type:

DEX

Memory Resident:

No

Initial Samples Received Date:

17 Aug 2011

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

NOTES:

This malware monitors the keywords 回复任意内容 and 超市 and if these are present in the body of received SMS mesages. If the said condition is met, it sends a reply containing Y as the message. This reply automatically subscribe users to premium services, without their consent.

It also monitors messages that contain any of the following keywords that come from numbers that starts with 10658 or 10086:

  • 爱情来啦
  • 爱情来了
  • 超市

It then deletes the received mesage automatically once the above conditions are met.

SOLUTION

Minimum Scan Engine:

8.900

TMMS Pattern File:

1.127.00

TMMS Pattern Date:

21 Aug 2011

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn More ]

Did this description help? Tell us how we did.

Featured Stories

Connect with us on