Threat Encyclopedia

ANDROIDOS_SMSBOXER.AB

ANALYSIS BY

Roland Marco Dela Paz


THREAT SUBTYPE:

Spying Tool

PLATFORM:

Android OS

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

OVERVIEW

Infection Channel:

Downloaded from the Internet


This malware can be downloaded from a fake site that imitates Google Play, formerly known as the Android Market.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan is capable of sending text messages. It first checks the country code and operator code of the affected device. After sending the text message, it then opens a certain site.

This Trojan may be downloaded by other malware/grayware/spyware from remote sites. It may be manually installed by a user.

TECHNICAL DETAILS

File Size:

2,310,014 bytes

File Type:

APK

Initial Samples Received Date:

14 Mar 2012

Payload:

Sends messages

Arrival Details

This Trojan may be downloaded by other malware/grayware/spyware from remote sites.

It may be manually installed by a user.

NOTES:

It uses the following icon:

When the application is executed, a user may encounter the following error:

Once installed, this application has the following permissions:

It is capable of sending text messages.

It first checks the country code and operator code of the affected device. If the operator code is 25002, it shows a progress bar with the following text for 6 seconds:

"Click Ok to start sending text message."

Otherwise, it sends the text message directly. The message contains the following text:

{prefix}+5069+2+p+a

Where {prefix} can be determined by the following table:

After sending the text message, it then opens the following site:

  • http://{BLOCKED}oogle.ru/Google_Play.apk

SOLUTION

Minimum Scan Engine:

9.200

TMMS Pattern File:

1.199.00

TMMS Pattern Date:

15 Mar 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device
