HTML_ANDRSOPEXP.A

 Analysis by: Simon Huang

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet, Via social networking sites


This threat is related to attacks that used Android Same Origin Policy (SOP) vulnerability to target Facebook users.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan takes advantage of software vulnerabilities to propagate across networks.

  TECHNICAL DETAILS

File Size:

268 bytes

File Type:

HTML, HTM

Memory Resident:

Yes

Propagation

This Trojan takes advantage of the following software vulnerabilities to propagate across networks:

Information Theft

This Trojan sends the gathered information to the following site/s using credentials from its configuration file:

  • http://{BLOCKED}forchristmas.website/walmart/j/index.php?cid=544fba6ac6988&access_token=' + token;

NOTES:

This Android malware does the following:

  • Automatically follow contacts in Facebook
  • Automatically likes apps in Facebook
  • Modify user's subscription information
  • Authorize another user to access affected user's information such as friends list, likes, friends' likes, basic info, etc.

  SOLUTION

Minimum Scan Engine:

9.700

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.


Did this description help? Tell us how we did.