ANDROIDOS_NOTCOMPATIBLE.HRY

 Analysis by: Yang Yang

 PLATFORM:

Android OS


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW


This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

14032 bytes

File Type:

APK

Memory Resident:

Yes

Initial Samples Received Date:

19 Mar 2013

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

NOTES:

This malware is an Android Trojan that provides a remote proxy service. It disguises itself as a system update. Once installed, the proxy may be used to reach a private network or local area network through the infected device.

This malware may be downloaded from a malicious website. If a user visits hxxp://www.{BLOCKED}a-kur-sporthotel.de/dbn/hpinbshpeblv.htm with an Android device, the browser is redirected to hxxp://{BLOCKED}dcloudsecurityupdate.su/fixup.php.

Upon reaching that site, the browser may automatically download the malicious application, named Update.apk. Whether the download starts automatically depends on the device's OS version and browser. Some browsers instead display a download prompt (the original screenshot is not reproduced in this text).

After AndroidOS_NotCompatible.HRY has been downloaded, a notification prompts the user to tap it in order to install the downloaded app.

However, installation will not proceed if the device does not allow installation of apps from unknown sources.
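The arrival chain above (Android browser, cross-host redirect, then an APK served from the redirect target) is the pattern a web-proxy log can expose. The following detection logic is an added example, not part of the original entry; the log format, hostnames (hotel.example, update.example, cdn.example) and log lines are constructed for illustration and are not the real URLs from this description.

```python
"""Flag Android drive-by APK downloads in tab-separated proxy logs.

Log fields (constructed format for this example):
    timestamp  client_ip  method  url  status  location  content_type  user_agent
'location' is the Location header on a redirect response, or '-' if absent.
"""
from urllib.parse import urlparse

APK_MIME = "application/vnd.android.package-archive"
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample log: one drive-by chain (10.0.0.5), a desktop browser
# that is not redirected (10.0.0.9), and a direct APK download with no
# preceding redirect (10.0.0.7). Hostnames are placeholders, not real sites.
SAMPLE_LOG = """\
2013-03-19T10:01:02Z\t10.0.0.5\tGET\thttp://www.hotel.example/dbn/page.htm\t302\thttp://update.example/fixup.php\ttext/html\tMozilla/5.0 (Linux; U; Android 4.0.4; en-us) AppleWebKit/534.30 Mobile Safari/534.30
2013-03-19T10:01:03Z\t10.0.0.5\tGET\thttp://update.example/fixup.php\t200\t-\tapplication/vnd.android.package-archive\tMozilla/5.0 (Linux; U; Android 4.0.4; en-us) AppleWebKit/534.30 Mobile Safari/534.30
2013-03-19T10:02:10Z\t10.0.0.9\tGET\thttp://www.hotel.example/dbn/page.htm\t200\t-\ttext/html\tMozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/25.0 Safari/537.36
2013-03-19T10:03:00Z\t10.0.0.7\tGET\thttp://cdn.example/app.apk\t200\t-\tapplication/vnd.android.package-archive\tMozilla/5.0 (Linux; U; Android 4.1.2; en-us) Mobile Safari/534.30
"""


def parse_line(line):
    """Split one log line into a dict; the user agent may contain spaces but no tabs."""
    ts, client, method, url, status, location, ctype, ua = line.rstrip("\n").split("\t", 7)
    return {
        "ts": ts, "client": client, "method": method, "url": url,
        "status": int(status),
        "location": None if location == "-" else location,
        "ctype": ctype, "ua": ua,
    }


def is_android(ua):
    return "Android" in ua


def find_apk_drive_by(log_text):
    """Return one hit per Android client that was redirected off a page to a
    different host and then received an APK from that redirect target."""
    pending = {}   # client_ip -> most recent redirect response seen for that client
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if not is_android(ev["ua"]):
            continue   # the chain in this entry only fires for Android browsers
        if ev["status"] in REDIRECT_CODES and ev["location"]:
            pending[ev["client"]] = ev
            continue
        if ev["ctype"] == APK_MIME:
            src = pending.pop(ev["client"], None)
            if src is None:
                continue   # APK with no preceding redirect: not this pattern
            page_host = urlparse(src["url"]).netloc
            target_host = urlparse(src["location"]).netloc
            apk_host = urlparse(ev["url"]).netloc
            if target_host == apk_host and page_host != apk_host:
                hits.append({"client": ev["client"], "landing_page": src["url"],
                             "apk_url": ev["url"], "ts": ev["ts"]})
    return hits


if __name__ == "__main__":
    for hit in find_apk_drive_by(SAMPLE_LOG):
        print("drive-by APK:", hit)
```

The rule keys on the served content type rather than a file name, so a dropper renamed away from Update.apk still matches; a real deployment would also want a time window between the redirect and the download and a check of the APK's hash against the detection pattern.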

This app runs as a service at every system startup. It does not display a launcher icon, hiding its presence from the user.
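The two traits just described, a service that starts at boot and no launcher icon, are both visible in a decoded AndroidManifest.xml. The triage script below is an added example and not code from the original entry or from the malware; the two manifests it checks are constructed stand-ins (package names com.example.update and com.example.notes are placeholders), not the real Update.apk manifest.

```python
"""Static triage of a decoded AndroidManifest.xml for boot-start services
and missing launcher icons (the traits described for this Trojan)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"

# Constructed manifest mimicking a hidden, boot-started proxy service.
SUSPICIOUS_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.update">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Update">
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".ProxyService"/>
  </application>
</manifest>
"""

# Constructed manifest of an ordinary app with a launcher icon and no boot hook.
BENIGN_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute as ElementTree exposes it."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(manifest_xml):
    root = ET.fromstring(manifest_xml)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    findings = {
        "package": root.get("package"),
        "boot_permission": "android.permission.RECEIVE_BOOT_COMPLETED" in perms,
        "boot_receiver": False,
        "launcher_activity": False,
        "services": [],
    }
    app = root.find("application")
    if app is None:
        return findings
    # A receiver filtering on BOOT_COMPLETED is what lets a service start at every boot.
    for recv in app.iter("receiver"):
        for action in recv.iter("action"):
            if _attr(action, "name") == BOOT_ACTION:
                findings["boot_receiver"] = True
    # Launcher icons come from an activity (or activity-alias) in the LAUNCHER category.
    for act in list(app.iter("activity")) + list(app.iter("activity-alias")):
        for cat in act.iter("category"):
            if _attr(cat, "name") == LAUNCHER_CATEGORY:
                findings["launcher_activity"] = True
    findings["services"] = [_attr(s, "name") for s in app.iter("service")]
    findings["hidden_boot_service"] = (
        findings["boot_receiver"]
        and bool(findings["services"])
        and not findings["launcher_activity"]
    )
    return findings


if __name__ == "__main__":
    for m in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(triage_manifest(m))
```

Run it on the output of apktool or aapt (the binary manifest inside the APK must be decoded first). The launcher check is manifest-level only: an app can also ship a launcher activity and disable its component at runtime, so a clean result here does not by itself prove an icon is shown.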

  SOLUTION

Minimum Scan Engine:

9.300

TMMS Pattern File:

1.435.00

TMMS Pattern Date:

21 Mar 2013

Scan your device with your Trend Micro product to delete files detected as ANDROIDOS_NOTCOMPATIBLE.HRY. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the Trend Micro Knowledge Base for more information.
