ANDROIDOS_ONECLICKFRAUD.A

 Analysis by: Peter Yan

 THREAT SUBTYPE:

Click Fraud

 PLATFORM:

Android OS


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Via app stores


This Android malware leads users to a fake adult dating website. Once users click on the website's links, which purportedly lead to dating profiles and contact details, they are instead given fraudulent information.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

Once the user clicks on any of the buttons displayed on the page, the app opens a new page with information about the user's desired dating candidate.

This Trojan may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

275224 bytes

Memory Resident:

Yes

Initial Samples Received Date:

13 Jun 2013

Payload:

Click Fraud

Arrival Details

This Trojan may be manually installed by a user.

NOTES:

When the malware is executed, it loads the following fraudulent adult dating website in its WebView component or in the device browser:

  • http://{BLOCKED}nk.net/smart/ship/sweet_bbs/rule_free.php?key=1371101689

Once the user clicks on any of the buttons displayed on the page, the app opens a new page with information about the user's desired dating candidate.

However, the information displayed is fraudulent. When the user attempts to obtain more specific information, such as personal pictures or contact details, the app tells the user that it cannot support these actions.

  SOLUTION

Minimum Scan Engine:

9.300

TMMS Pattern File:

1.491.00

TMMS Pattern Date:

17 Jun 2013

Step 1

Remove unwanted apps on your Android mobile device


Step 2

Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_ONECLICKFRAUD.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
