
Threat Encyclopedia

ANDROIDOS_CONTACTS.E

ANALYSIS BY

Yinfeng Qiu


THREAT SUBTYPE:

Information Stealer

PLATFORM:

Android OS

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

OVERVIEW


This malicious app received widespread media attention in Japan. It steals affected users' contacts information and sends the stolen data to a server.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan may be manually installed by a user.

It sends the information it gathers to remote sites.

TECHNICAL DETAILS

File Size:

32768 bytes

File Type:

APK

Memory Resident:

Yes

Payload:

Steals information

Arrival Details

This Trojan may be manually installed by a user.

Information Theft

This Trojan sends the information it gathers to remote sites.

NOTES:

Upon installation, the malicious app appears on the home screen as a legitimate battery saving app.

It asks for the following permissions:

Examination of the app's decompiled code confirms its malicious routines:

It queries the affected user's contacts information and sends that information to the following remote servers through HTTP POST:

  • http://jac{BLOCKED}ml.jp/batterylong.php
  • http://max{BLOCKED}ml.jp/bl.php
  • http://sta{BLOCKED}go.biz/bl.php
  • http://app{BLOCKED}nd.com/a/reg_db.php
  • http://122.{BLOCKED}GetContacts/getInfo.php
  • http://gre{BLOCKED}.biz/bl.php
  • http://p{BLOCKED}g.net/a/reg_db.php

It may arrive under the following package names and be installed as the following applications:

| App Label | Package Name |
|---|---|
| 電池長持ち | com.mmmm.batterylong |
| 電池長持ち(無料着うたダウンローダー) | com.mmmm.bl |
| 電波改善 | com.mmmm.bl |
| スマソーラー | jp.fw.solar_s006 |
| app電話帳リーダー | my.testApp.getContact |
| Power Charge | com.appz.solf |
| 電波改善(通話無料) | freetalkn.all.free |
| Solar Charge | net.appzg |

SOLUTION

Minimum Scan Engine:

9.200

VSAPI OPR PATTERN File:

1.295.00

VSAPI OPR PATTERN Date:

14 Aug 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device
