ANDROIDOS_KAKA.HBT
Android

Threat Type: Spyware
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This spyware monitors all incoming and outgoing calls. It uses common file icons to trick a user into thinking that the files are legitimate.
TECHNICAL DETAILS
612,100 bytes
DEX
Yes
21 Jul 2017
Mobile Malware Routine
This spyware is a file that collects the following information on an affected mobile device:
- Device ID
- SMS
It receives commands from the following C&C server(s):
- The C&C server sends commands to control the behavior of this malware
It monitors all incoming and outgoing calls.
It sends the gathered information via HTTP POST to the following URL(s):
- {BLOCKED}.{BLOCKED}.190.153
It blocks received SMS messages, preventing the user from reading them.
Upon installation, it asks for the following permissions:
- android.permission.ACCESS_WIFI_STATE
- android.permission.CALL_PHONE
- android.permission.INTERNET
- android.permission.MOUNT_UNMOUNT_FILESYSTEMS
- android.permission.READ_PHONE_STATE
- android.permission.READ_SMS
- android.permission.RECEIVE_SMS
- android.permission.WRITE_EXTERNAL_STORAGE
- com.android.launcher.permission.INSTALL_SHORTCUT
It uses common file icons to trick a user into thinking that the files are legitimate.
Based on analysis of its code, it has the following capabilities:
- Collecting the user's bank account information
However, due to an error in its code, it fails to perform its intended routines.
SOLUTION
9.800
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increases device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites: