ANDROIDOS_WINWORM.A

 Analysis by: Yang Yang

 THREAT SUBTYPE:

Click Fraud

 PLATFORM:

AndroidOS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Trojan may be downloaded from app stores or third-party app stores.

  TECHNICAL DETAILS

File Size:

12,966,802 bytes

File Type:

APK

Memory Resident:

No

Initial Samples Received Date:

16 May 2013

Arrival Details

This Trojan may be downloaded from app stores or third-party app stores.

NOTES:

This malware poses as an app related to the menu of the fast food chain KFC. The app name is wow@25. The app contains a Windows worm named StreamingAssets.exe. The app developer's computer may have been infected by a Windows worm: the source code directory of this app contains a copy of the worm, which was then packaged, signed, and deployed on Google Play together with the app.

This app does not exhibit malicious routines on Android devices. However, it may perform malicious routines on computers running Windows.

  SOLUTION

Minimum Scan Engine:

9.300

Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_WINWORM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

