ANDROIDOS_PJAPPS.C
Information Stealer, Premium Service Abuser, Click Fraud, Malicious Downloader
Android OS
Threat Type: Backdoor
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This malware is bundled with legitimate Android apps.
It is a simplified and obfuscated version of ANDROIDOS_PJAPPS.D. It is a Trojanized version of the TouchMix app, a normal gaming app; the malware code runs in the background because it is declared as a service.
At the start of service, the malware acquires the phone's IMEI and sends it to a remote server.
This also acts as an infection report to the server. If the server does not respond with the string "no", it sends the IMEI to a phone number that it acquires by sending certain information to a remote site.
This backdoor may be manually installed by a user.
It connects to a website to send and receive information.
TECHNICAL DETAILS
274,076 bytes
DEX
Yes
07 May 2011
Arrival Details
This backdoor may be manually installed by a user.
Installation
This backdoor drops the following files:
- /sdcard/androidh.log
- /sdcard/android.log
Backdoor Routine
This backdoor connects to the following websites to send and receive information:
- http://{BLOCKED}ego91.com:8118/push/newandroidxml/
NOTES:
This malware is bundled with legitimate Android apps.
It is a simplified and obfuscated version of ANDROIDOS_PJAPPS.D. It is a Trojanized version of the TouchMix app, a normal gaming app; the malware code runs in the background because it is declared as a service.
At the start of service, the malware acquires the phone's IMEI and sends it to the following server:
- http://{BLOCKED}.meego91.com/mm.do?imei={parameter}
- Device ID (IMEI)
- SIM serial number (ICCID)
- Subscriber ID (IMSI)
The file expected to be received is in XML format. Specific commands are declared on It is also capable of blocking all incoming MMS if the data in /sdcard/android.log is equal to "12345". It also has code that blocks received SMS if the sender’s phone number matches the data in /sdcard/android.log. However, the said code is not executed in this particular variant.
It also writes logs to the file /sdcard/androidh.log.
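A defender-side triage sketch for the indicators listed above, added here as an example and not Trend Micro's code: it flags proxy-log URLs matching the visible parts of the two endpoints and reports which dropped files appear in a device file listing. The log format, device names, host prefixes and IMEI value in the sample are constructed; the {BLOCKED} host portions are unknown, so hosts are matched by their visible suffix only.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators from the write-up. The {BLOCKED} host parts are not known,
# so only the visible suffix is matched (assumption: suffix match is enough).
HOST_SUFFIX = "ego91.com"
XML_PORT, XML_PATH = 8118, "/push/newandroidxml/"
IMEI_PATH = "/mm.do"
DROPPED_FILES = ("/sdcard/androidh.log", "/sdcard/android.log")

def classify_url(url):
    """Return a finding label for a URL, or None when nothing matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(HOST_SUFFIX):
        return None
    try:
        port = parts.port
    except ValueError:          # malformed port in the logged URL
        port = None
    if parts.path == IMEI_PATH and "imei" in parse_qs(parts.query):
        return "imei-report"    # IMEI sent at service start
    if port == XML_PORT and parts.path.startswith(XML_PATH):
        return "xml-endpoint"   # site used to send and receive information
    return "host-only"          # host suffix matched, path did not

def scan_proxy_log(lines):
    """Assumed log format: '<timestamp> <device> <url>' per line."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 3:
            continue            # skip lines that do not fit the assumed format
        _ts, device, url = fields
        label = classify_url(url)
        if label:
            findings.append((device, label))
    return findings

def dropped_files_present(listing):
    """listing: file paths taken from a file listing of the device."""
    return sorted(set(listing) & set(DROPPED_FILES))

# Constructed sample data; host prefixes are placeholders.
SAMPLE_LOG = [
    "2011-07-13T10:00:01Z dev-a http://sub.meego91.com/mm.do?imei=490154203237518",
    "2011-07-13T10:00:05Z dev-a http://placeholderego91.com:8118/push/newandroidxml/",
    "2011-07-13T10:01:00Z dev-b http://example.org/mm.do?imei=490154203237518",
    "2011-07-13T10:02:00Z dev-c http://sub.meego91.com/index.html",
]
```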
SOLUTION
8.900
1.105.00
13 Jul 2011
Step 1
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Step 2
Remove unwanted apps on your Android mobile device