Analysis by: Yinfeng Qiu

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This malicious app received widespread media attention in Japan. It steals affected users' contact information and sends the stolen data to a server.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan may be manually installed by a user.

It sends the information it gathers to remote sites.

  TECHNICAL DETAILS

File Size: 32768 bytes
File Type: APK
Memory Resident: Yes
Payload: Steals information

Arrival Details

This Trojan may be manually installed by a user.

Information Theft

This Trojan sends the information it gathers to remote sites.

NOTES:

Upon installation, the malicious app appears on the home screen as a legitimate battery saving app.

It asks for the following permissions:

Examination of the app's decompiled code confirms its malicious routines:

It queries the affected user's contact information and sends that information to the following remote servers through HTTP POST.

  • http://jac{BLOCKED}ml.jp/batterylong.php
  • http://max{BLOCKED}ml.jp/bl.php
  • http://sta{BLOCKED}go.biz/bl.php
  • http://app{BLOCKED}nd.com/a/reg_db.php
  • http://122.{BLOCKED}GetContacts/getInfo.php
  • http://gre{BLOCKED}.biz/bl.php
  • http://p{BLOCKED}g.net/a/reg_db.php

It may arrive using the following package names and installed as the following applications:

App Label | Package Name
電池長持ち | com.mmmm.batterylong
電池長持ち(無料着うたダウンローダー) | com.mmmm.bl
電波改善 | com.mmmm.bl
スマソーラー | jp.fw.solar_s006
app電話帳リーダー | my.testApp.getContact
Power Charge | com.appz.solf
電波改善(通話無料) | freetalkn.all.free
Solar Charge | net.appzg
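
A triage sketch for the indicators above, added here as an example and not taken from the original analysis or from the vendor's tooling: it parses aapt dump badging output for an APK, matches the package name against the table, and checks for the permission pair that contact theft over HTTP requires. The permission pair is an inference from the described behavior (the report's own permission list is not reproduced on this page), and both sample inputs are constructed.

```python
import re

# Package names copied from the table above (the only indicators taken from the page).
KNOWN_PACKAGES = {"com.mmmm.batterylong", "com.mmmm.bl", "jp.fw.solar_s006",
                  "my.testApp.getContact", "com.appz.solf", "freetalkn.all.free", "net.appzg"}
# Assumption: reading contacts and posting them over HTTP needs these two permissions.
THEFT_PERMISSIONS = {"android.permission.READ_CONTACTS", "android.permission.INTERNET"}

PACKAGE_RE = re.compile(r"^package: name='([^']+)'")
LABEL_RE = re.compile(r"^application-label:'([^']*)'")
# aapt prints uses-permission:'X' (older builds) or uses-permission: name='X' (newer).
PERMISSION_RE = re.compile(r"^uses-permission:\s*(?:name=)?'([^']+)'")

def parse_badging(text):
    """Extract package name, label and requested permissions from badging output."""
    info = {"package": None, "label": None, "permissions": set()}
    for line in text.splitlines():
        line = line.strip()
        if m := PACKAGE_RE.match(line):
            info["package"] = m.group(1)
        elif m := LABEL_RE.match(line):
            info["label"] = m.group(1)
        elif m := PERMISSION_RE.match(line):
            info["permissions"].add(m.group(1))
    return info

def triage(text):
    """Return a list of findings for one APK; an empty list means nothing matched."""
    info = parse_badging(text)
    findings = []
    if info["package"] in KNOWN_PACKAGES:
        findings.append(f"{info['package']} ({info['label']}) is a listed package name")
    if THEFT_PERMISSIONS <= info["permissions"]:
        findings.append("requests READ_CONTACTS and INTERNET together")
    return findings

# Constructed sample input, not output captured from a real sample.
SAMPLE_LISTED = """package: name='com.mmmm.batterylong' versionCode='1' versionName='1.0'
uses-permission:'android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
application-label:'電池長持ち'"""
SAMPLE_CLEAN = """package: name='org.example.flashlight' versionCode='3' versionName='1.2'
uses-permission: name='android.permission.CAMERA'
application-label:'Flashlight'"""

if __name__ == "__main__":
    for name, sample in (("listed", SAMPLE_LISTED), ("clean", SAMPLE_CLEAN)):
        print(name, triage(sample))
```

The permission check on its own matches many legitimate apps, so treat it as a reason to look closer rather than as a verdict; the package-name match is the indicator this report supports.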

  SOLUTION

Minimum Scan Engine: 9.200
VSAPI OPR PATTERN File: 1.295.00
VSAPI OPR PATTERN Date: 14 Aug 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device
