AndroidOS_FakeKSec.GCLA

 Analysis by: Mariel Alamag
 Modified by: Neljorn Nathaniel Aguas

 ALIASES:

UDS:Trojan-Dropper.AndroidOS.Wroba.p (KASPERSKY)

 PLATFORM:

Android

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan Spy

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Dropped by other malware, Downloaded from the Internet

This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

2,315,757 bytes

File Type:

APK

Memory Resident:

No

Initial Samples Received Date:

29 Feb 2024

Payload:

Collects system information

Arrival Details

This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Other Details

This Trojan Spy does the following:

  • After installation, the application is not visible on the phone's home page. However, it can be found in the app management section, which confirms that it installed successfully.
  • It disguises itself as a fake security app with the label KDDI Security.
  • It monitors and collects sensitive information.
  • Accesses the phone number
  • Statically gets the default SMS package
  • Sends, reads and deletes SMS/MMS
  • Reads and deletes call logs
  • Collects contacts
  • The application is also signed with a debug certificate
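
A static triage check for the traits listed above, as an added example (not Trend Micro's detection logic and not code from the sample): it inspects a decoded AndroidManifest.xml and the signer subject for a missing launcher entry, SMS/call-log/contact permissions and the default debug certificate. The permission mapping, the manifest, the package name and the `triage` helper are assumptions constructed for illustration; the page does not say how the sample hides its icon.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Assumed mapping from the behaviours listed above to Android permissions.
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CALL_LOG",
    "android.permission.WRITE_CALL_LOG", "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_NUMBERS", "android.permission.READ_PHONE_STATE",
}
DEBUG_SUBJECT = "CN=Android Debug"  # subject of the default Android debug keystore

def triage(manifest_xml, cert_subject):
    """Return static findings for a decoded manifest and its signer subject."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    app = root.find("application")
    return {
        "label": app.get(A + "label") if app is not None else None,
        "sensitive_permissions": sorted(perms & SENSITIVE),
        # No LAUNCHER category is one static reason an app has no home-screen
        # icon; runtime component disabling would not show up here.
        "no_launcher_icon": not any(
            c.get(A + "name") == "android.intent.category.LAUNCHER"
            for c in root.iter("category")),
        "debug_signed": DEBUG_SUBJECT in cert_subject,
    }

# Constructed sample input, not extracted from the analysed APK.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="KDDI Security">
    <service android:name=".Worker"/>
  </application>
</manifest>"""
SAMPLE_SUBJECT = "CN=Android Debug, O=Android, C=US"

if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST, SAMPLE_SUBJECT).items():
        print(f"{key}: {value}")
```

Any one finding is weak on its own; an app with no launcher entry, SMS and call-log access, and a debug signature together is worth escalating.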

  SOLUTION

Minimum Scan Engine:

9.800

FIRST VSAPI PATTERN FILE:

19.188.04

FIRST VSAPI PATTERN DATE:

29 Feb 2024

VSAPI OPR PATTERN File:

19.189.00

VSAPI OPR PATTERN Date:

01 Mar 2024

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increases device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:

