search

ANDROIDOS_PLANKTON.P

January 28, 2012
 Analysis by: Erika Bianca Mendoza
 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This adware connects to a certain URL in order to send information and receive commands. This may result in the phone's security being compromised.

To get a one-glance comprehensive view of the behavior of this Adware, refer to the Threat Diagram shown below.

This application is called Sexy Ladies-2, which is a puzzle game. Upon execution, it starts a service called Android SDK Provider.

This adware may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

4,727,853 bytes

File Type:

APK

Memory Resident:

Yes

Initial Samples Received Date:

26 Jan 2012

Payload:

Steals information

Arrival Details

This adware may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

NOTES:

The application is called Sexy Ladies-2, which is a puzzle game. Upon execution, it starts a service called Android SDK Provider.

It may connect to the following C&C server and send details regarding the infected device:

  • http://www.{BLOCKED}and.com/ProtocolGW/protocol/commands

The device details include the following:

  • Android version
  • Brand
  • Device
  • Device ID (IMEI)
  • Display metrics
  • Locale
  • Manufacturer
  • Model
  • SDK version

It waits for the following commands from the server:

  • /activate
  • /bookmarks
  • /homepage
  • /info
  • /notifications
  • /optout
  • /shortcuts
  • /terminate

It has the capability to do the following routines:

  • Get / set bookmarks
  • Get / set homepage of the browser
  • Get / set notification link, title, icon and text
  • Set / get shortcuts

  SOLUTION

Minimum Scan Engine:

9.200

TMMS Pattern File:

1.183.00

TMMS Pattern Date:

29 Jan 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn More ]

Did this description help? Tell us how we did.

Related Malware