ANDROIDOS_DOOGRAW.A

 Analysis by: Erika Bianca Mendoza

 THREAT SUBTYPE:

Premium Service Abuser

 PLATFORM:

Android OS


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This malware abuses a premium service number and sends demeaning messages to the user's contact list, causing unauthorized charges and potential damage to the user's reputation.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This malware is a Trojanized version of the Android application, Dog Wars, and is being distributed in third-party application stores.

The legitimate version of the application previously gained attention after PETA (People for the Ethical Treatment of Animals) conducted campaigns asking its creators to discontinue development.

Once installed, ANDROIDOS_DOOGRAW.A sends a text message with the word "text" to the number 73822. The said message subscribes the user to an alert service being offered by PETA. This results in unauthorized service charges to the user.

ANDROIDOS_DOOGRAW.A also sends a text message to everyone in the user's contact list. The message depicts the user as someone who takes enjoyment in hurting small animals. This routine could damage the user's reputation among their contacts.

This Trojan may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

393,216 bytes

File Type:

DEX

Memory Resident:

No

Initial Samples Received Date:

17 Aug 2011

Payload:

Sends text messages, Abuses Premium Service

Arrival Details

This Trojan may be manually installed by a user.

NOTES:

This is Trend Micro's detection for a Trojanized Android application which is downloadable from the Internet. The affected application is as follows:

  • Dog Wars

It uses the following icon:

The malicious code is contained in a package called "dogbite".

Upon startup, its "Rabies" service sends a text message containing the string "text" to 73822. It also sends the following message to everyone in the user's list of contacts:

I take pleasure in hurting small animals, just thought you should know that
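
A static triage check for the indicators named above, as an added example that is not part of the original write-up. It assumes the APK's manifest has already been decoded to text XML, that the "Rabies" service is declared there under a package path containing "dogbite", and that the SMS and contact routines rely on the SEND_SMS and READ_CONTACTS permissions; the sample manifest and its `com.example` names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: permissions inferred from the described behaviour
# (sending SMS, reading the contact list); the page does not list them.
SUSPECT_PERMS = {"android.permission.SEND_SMS",
                 "android.permission.READ_CONTACTS"}

# Constructed sample manifest, not taken from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".Main"/>
    <service android:name="com.example.dogbite.Rabies"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Flag a decoded AndroidManifest.xml that declares a 'Rabies' service
    inside a 'dogbite' package and requests both suspect permissions."""
    root = ET.fromstring(manifest_xml)
    app_pkg = root.get("package", "")
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    services = []
    for svc in root.iter("service"):
        name = svc.get(ANDROID_NS + "name", "")
        # Resolve relative component names against the app package.
        if name.startswith("."):
            name = app_pkg + name
        elif "." not in name:
            name = app_pkg + "." + name
        parts = name.lower().split(".")
        if parts[-1] == "rabies" and "dogbite" in parts[:-1]:
            services.append(name)
    hits = sorted(perms & SUSPECT_PERMS)
    return {"services": services,
            "permissions": hits,
            "match": bool(services) and len(hits) == len(SUSPECT_PERMS)}


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A match is a reason to send the APK for full scanning, not a verdict: the service and package names are trivially renamed in a repackaged variant.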

  SOLUTION

Minimum Scan Engine:

8.900

TMMS Pattern File:

1.127.00

TMMS Pattern Date:

21 Aug 2011

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device
