ANDROIDOS_WORMHOLE.HRXA

 Analysis by: Seven Shen

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Android OS


  • Threat Type: Backdoor

  • Destructiveness: No

  • In the wild: Yes

  OVERVIEW

This malware leverages the Moplus SDK to automatically and periodically deploy unwanted applications onto Android devices. The Moplus SDK has been found to include backdoor capabilities.

To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.

This backdoor gathers device information. It sends stolen data to certain websites. This is the Trend Micro detection for Android applications bundled with malicious code.

  TECHNICAL DETAILS

File Size:

1,861,946 bytes

File Type:

APK

Memory Resident:

Yes

Payload:

Compromises system security, Steals information

Mobile Malware Routine

This backdoor collects the following information from an affected mobile device:

  • Installed packages
  • Local files
  • APN
  • Location
  • Service information

It gathers the following device information:

  • APN
  • Location
  • Installed applications
  • Local files

It posts the following information to its command and control (C&C) server:

  • local files
  • location
  • installed apps
  • service information
  • app information

It receives commands from the following C&C server(s):

  • Any HTTP client

It sends the gathered information via HTTP POST to the following URL(s):

  • Any HTTP server

It opens the following port(s):

  • 6259
  • 40310


  SOLUTION

Minimum Scan Engine:

9.800

Remove unwanted apps on your Android mobile device