ANDROIDOS_ADVINST.A
Information Stealer, Malicious Downloader
Android OS
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
TECHNICAL DETAILS
3354613 bytes
APK
Yes
20 Apr 2013
Steals information, Collects system information, Downloads files
NOTES:
This malware is integrated in several apps found in Google Play.
It connects to the following URL(s) to receive remote commands:
- http://{BLOCKED}splay.net/api/adv.php
- http://{BLOCKED}ays.com/api/adv2.php
These remote URLs can be updated.
It sends the following information to the remote server:
- phone number
- IMEI
- device model information
The malware may receive the following commands from the remote server:
- 'news' - pushes remote advertising information to the notification bar
- 'showpage' - opens a webpage received from the remote server
- 'install' - silently downloads malware disguised as an app into the SD card and then prompts for installation
- 'showinstall' - pushes the downloaded app to the notification bar. Clicking the notification triggers the installation.
- 'iconpage' - adds a short-cut on home screen to certain websites
- 'iconinstall' - adds a short-cut on home screen to install certain apps
It downloads other malware onto the affected device, making it more vulnerable.
SOLUTION
9.300
1.453.00
23 Apr 2013
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Did this description help? Tell us how we did.