AndroidOS_InfectionAds.HRXA

 Analysis by: Song Wang

 PLATFORM:

Android

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:
 INFORMATION EXPOSURE:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from app store

This Adware may be downloaded from app stores or third-party app stores.

It drops and runs other files on the device.

  TECHNICAL DETAILS

Payload:

Injects files, Communicates with the C&C, Exploits vulnerabilities, Displays ads to victims

Arrival Details

This Adware may be downloaded from app stores or third-party app stores.

Mobile Malware Routine

This Adware drops and executes the following file(s):

  • The "core" module of Agent Smith malware. It communicates with the C&C server to get the pre-defined list of infected applications.

It is capable of doing the following:

  • It utilizes the Janus vulnerability to inject the “boot” module into the repacked application. After the next run of the infected app, the “boot” module will run the “patch” module, which hooks the methods from known ad SDKs to its own implementation.
  • It exploits a series of ‘Bundle’ vulnerabilities to install applications without the victim knowing.
  • The 'AD' payload will display ads to the victims.
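
A defensive triage check for the Janus-style file layout mentioned above, as an added example that is not part of the original analysis. It assumes the injected code is a DEX image placed in front of the APK's ZIP data, so the same file parses as DEX from its start and as ZIP from its end; the function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

# Constructed sample: DEX magic plus zero padding, not a real DEX file.
FAKE_DEX_HEADER = b"dex\n035\x00" + bytes(104)

def looks_like_dex(data: bytes) -> bool:
    """DEX files begin with b'dex\\n', three version digits, then a NUL byte."""
    return data[:4] == b"dex\n" and data[4:7].isdigit() and data[7:8] == b"\x00"

def classify_apk(data: bytes) -> str:
    """Return 'not-zip', 'plain-zip', 'prefixed-zip' or 'dex-prefixed-zip'."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-zip"
    try:
        with zipfile.ZipFile(buf) as zf:
            # header_offset is the real file position of each local header;
            # zipfile already compensates for bytes placed before the archive.
            offsets = [info.header_offset for info in zf.infolist()]
    except zipfile.BadZipFile:
        return "not-zip"
    if looks_like_dex(data):
        # Valid ZIP whose first bytes are a DEX header: the dual-format layout.
        return "dex-prefixed-zip"
    if offsets and min(offsets) > 0:
        # Some other data sits in front of the first ZIP entry.
        return "prefixed-zip"
    return "plain-zip"

def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a small ZIP with two entries."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", FAKE_DEX_HEADER)
    return out.getvalue()

if __name__ == "__main__":
    apk = build_sample_apk()
    for label, blob in [("clean", apk), ("dex in front", FAKE_DEX_HEADER + apk)]:
        print(f"{label}: {classify_apk(blob)}")
```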

  SOLUTION

Minimum Scan Engine:

9.850

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increases device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:

