Threat Encyclopedia

ANDROIDOS_FAKETIMER.A

Publish date: January 12, 2012

ANALYSIS BY

Kathleen Notario


THREAT SUBTYPE:

Information Stealer, Click Fraud

PLATFORM:

Android OS

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:

  • Threat Type:Trojan

  • Destructiveness:No

  • Encrypted: No

  • In the wild: Yes

OVERVIEW


This malware is used to leverage one-click billing fraud attacks targeted at Android users. Said attacks could result in loss of funds on the users' part.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

TECHNICAL DETAILS

File Size:

78,988 bytes

File Type:

APK

Memory Resident:

Yes

Initial Samples Received Date:

10 Jan 2012

Payload:

Connects to URLs/IPs

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

It may be downloaded from the following remote sites:

  • http://{BLOCKED}unga3.blog26.fc2.com

NOTES:

It arrives in the system when users click a malicious link from search results of "Game Dunga".

Upon execution, it accesses the following malicious URL:

  • http://{BLOCKED}com.com/rgst5.php

The user is then asked to pay to view adult content.

After clicking OK, it displays the terms and information such as the user's mobile number, user ID, amount to be paid and its due date. The password is given after the user has paid in the following screen shot.

It accesses the following site:

  • http://{BLOCKED}com.com/send.php?a_id={device id}&telno={line 1 number}&m_addr={account name}&usr_id={value from http post}

where:

  • {device id} = a unique device ID such as IMEI, MEID or ESN
  • {line 1 number} = mobile number
  • {account name} = name of accounts registered in the mobile device in order to login to online accounts
  • {value from http post} = the reply obtained from http://{BLOCKED}com.com/entry.php?id=4 HTTP POST

SOLUTION

Minimum Scan Engine:

9.200

TMMS Pattern File:

1.179.00

TMMS Pattern Date:

15 Jan 2011

Step 1

Remove unwanted apps on your Android mobile device

[ Learn More ]

Step 2

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.


Did this description help? Tell us how we did.

Featured Stories

Connect with us on