Analysis by: markb

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Adware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This adware is embedded in an application that unlocks levels of the popular game "Angry Birds."

Upon execution, the adware runs in the background as a service named AndroidMDKProvider.

It will then post certain information to its C&C. These data are used as unique identifiers for the affected device.

It obtains certain information and uploads it to its server as part of its routine.

It can perform certain commands from the C&C.

  TECHNICAL DETAILS

File Size: 373,765 bytes
Memory Resident: Yes
Initial Samples Received Date: 10 Jun 2011

NOTES:

This adware is embedded in an application that unlocks levels of the popular game "Angry Birds."

Upon execution, the malicious part runs in the background as a service named AndroidMDKProvider.

It then posts the following information to its C&C:

  • IMEI
  • MAC address (if the IMEI is not obtained)
  • Display properties (i.e. screen resolution, screen DPI values)
  • Device locale setting
  • Device brand
  • Device manufacturer
  • Device Model
  • OS version
  • SDK version

These data are used as unique identifiers for the affected device.

C&C URL:

  • http://www.{BLOCKED}webmobile.com/ProtocolGW/protocol/

It obtains the following information and uploads it to its server as part of its routine:

  • Bookmark list
  • History list
  • Shortcuts

It can perform the following commands from the C&C:

1. Add/delete bookmarks

2. Add/delete shortcuts

3. Add/delete browsing history

4. Get specific run-time log entries specified by the remote user and then upload them to the server.

  SOLUTION

Minimum Scan Engine: 8.900
TMMS Pattern File: 1.105.00
TMMS Pattern Date: 13 Jun 2011

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device
