Threat Encyclopedia

ANDROIDOS_TROJSMS.A

ANALYSIS BY

Yinfeng Qiu


THREAT SUBTYPE:

Premium Service Abuser

PLATFORM:

Android OS

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

OVERVIEW

Infection Channel:

Downloaded from the Internet


This Android malware is able to evade Google’s Bouncer.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan sends text messages to premium service providers without the user's permission. As a result, users are billed without their knowledge.

It was found in Google Play, Google's official Android app store. As of this writing, Google has removed the app from the store.

This Trojan may be downloaded by other malware/grayware from remote sites.

TECHNICAL DETAILS

File Size:

15794 bytes

File Type:

APK

Memory Resident:

Yes

Payload:

Sends messages

Arrival Details

This Trojan may be downloaded by the following malware/grayware from remote sites:

  • http://dl.dropbox.com/u/{BLOCKED}8/Activator.apk

Propagation

This Trojan sends out the following messages:

DEF1773 to 1518
4037+random number to 3170
DEF1773 to 770656

NOTES:

This Trojan sends text messages to premium service providers without the user's permission. As a result, users are billed without their knowledge.

When launched on an affected mobile device, it checks the mobile operator name of the SIM card. Based on the operator name, it sends specific message bodies to different phone numbers.

If the operator name begins with BEE (not case sensitive), it sends the message DEF1773 to the number 518. It also sends 4037{random number} to 3170.

If the operator name begins with MTS (not case sensitive), it sends the message DEF1773 to the number 770656. It also sends 4037{random number} to 3170.

If the operator name is empty, it shows a dialog box in Russian stating that the wallpaper cannot be loaded and to try again later.
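The message pattern described above can be turned into a check over outgoing-SMS records, for example from mobile device management or carrier billing logs. The following is an added example, not Trend Micro's detection logic: the event fields (`app`, `dest`, `body`), the package names and the reading of "4037{random number}" as 4037 followed by digits are assumptions. It flags an app only when it sent both the fixed DEF1773 message and the 4037{random number} message, and reports which operator branch the traffic matches.

```python
import re
from collections import defaultdict

# Indicators from this entry. The page gives the BEE destination as both
# 1518 (Propagation) and 518 (Notes), so both are matched.
FIXED = {("DEF1773", "1518"): "BEE", ("DEF1773", "518"): "BEE",
         ("DEF1773", "770656"): "MTS"}
# Assumption: "4037{random number}" means 4037 followed by decimal digits.
RANDOM_BODY = re.compile(r"4037\d+")
RANDOM_DEST = "3170"


def classify(dest, body):
    """Return 'BEE', 'MTS', 'COMMON' or None for one outgoing SMS."""
    dest, body = dest.strip(), body.strip()
    branch = FIXED.get((body, dest))
    if branch:
        return branch
    if dest == RANDOM_DEST and RANDOM_BODY.fullmatch(body):
        return "COMMON"
    return None


def flag_apps(events):
    """Map each app that sent both a DEF1773 message and the 4037{random}
    message to the operator branch(es) its traffic is consistent with."""
    hits = defaultdict(set)
    for ev in events:
        tag = classify(ev["dest"], ev["body"])
        if tag:
            hits[ev["app"]].add(tag)
    return {app: sorted(tags - {"COMMON"}) for app, tags in hits.items()
            if "COMMON" in tags and tags - {"COMMON"}}


# Constructed sample events, not real telemetry; package names are hypothetical.
SAMPLE = [
    {"app": "com.example.wallpaper", "dest": "770656", "body": "DEF1773"},
    {"app": "com.example.wallpaper", "dest": "3170", "body": "4037582"},
    {"app": "com.example.chat", "dest": "3170", "body": "hello"},
    {"app": "com.example.bank", "dest": "518", "body": "BALANCE"},
]

if __name__ == "__main__":
    print(flag_apps(SAMPLE))
```

Requiring both messages keeps unrelated traffic to the same short codes, such as the last two sample events, from being flagged.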

SOLUTION

Minimum Scan Engine:

9.200

TMMS Pattern File:

1.279.00

TMMS Pattern Date:

20 Jul 2012

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

