arrow_back
search
close

ANDROIDOS_FAKEUPDATES.VL

May 07, 2012
 Analysis by: Xingqi Ding
 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet


This malware arrives when users accessed a compromised website.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

Once installed, it starts a service and connects to its command and control (C&C) server.

  TECHNICAL DETAILS

File Size:

22,837 bytes

File Type:

APK

Memory Resident:

Yes

Initial Samples Received Date:

02 May 2012

Payload:

Compromises system security

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting the following malicious websites:

  • {BLOCKED}budet9.ru:8014
  • {BLOCKED}budet9.ru
  • {BLOCKED}oidonlinefix.info
  • {BLOCKED}o.com
  • {BLOCKED}nalitics.info
  • {BLOCKED}eview.nl
  • {BLOCKED}-studio.com
  • {BLOCKED}agina.com
  • {BLOCKED}rq8.com
  • {BLOCKED}ompatibleapp.eu:8014
  • {BLOCKED}ompatibleapp.eu
  • {BLOCKED}lad.ru
  • {BLOCKED}imkilla.com
  • {BLOCKED}owstonecc.com

NOTES:

After it installs, it starts a service and connects to its command and control (C&C) server:

  • {BLOCKED}patibleapp.eu

  SOLUTION

Minimum Scan Engine:

9.200

TMMS Pattern File:

1.235.00

TMMS Pattern Date:

04 May 2012

Step 1

Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_FAKEUPDATES.VL. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn More ]

Did this description help? Tell us how we did.