Analysis by: Weichao Sun


Premium Service Abuser




  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes


Infection Channel: Via app stores

The malware exploits the Android Master Key vulnerability to install a backdoor.

This Trojan may be manually installed by a user.


Payload: Steals information, Downloads files

Arrival Details

This Trojan may be manually installed by a user.


The malware may be downloaded from several unofficial app stores.

This application contains two .DEX files and AndroidManifest files to modify a normal application’s behavior without breaking its signature.
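The check below is an added example, not part of the original analysis or Trend Micro's detection logic. It flags an APK whose ZIP central directory lists the same entry name more than once, assuming the two .DEX files and manifests described above share the standard names classes.dex and AndroidManifest.xml, which is how the Master Key flaw is generally described. The function names and the sample archives are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter

# Entries the Android package installer parses; duplicates here matter most.
CRITICAL = ("classes.dex", "AndroidManifest.xml")


def duplicate_entries(apk):
    """Return {entry name: count} for names that occur more than once.

    `apk` is a path or a binary file object. infolist() walks the ZIP central
    directory and keeps every record, so repeated names stay visible
    (a name-keyed lookup such as getinfo() would hide them).
    """
    with zipfile.ZipFile(apk) as zf:
        counts = Counter(info.filename for info in zf.infolist())
    return {name: n for name, n in counts.items() if n > 1}


def verdict(apk):
    """Classify an APK: 'suspicious' if a critical entry is duplicated,
    'malformed' if only other names repeat, otherwise 'clean'."""
    dups = duplicate_entries(apk)
    if any(name in dups for name in CRITICAL):
        return "suspicious"
    return "malformed" if dups else "clean"


def build_sample(names):
    """Constructed test archive: placeholder bytes, not a real APK."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            for i, name in enumerate(names):
                zf.writestr(name, b"placeholder-%d" % i)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    normal = build_sample(["AndroidManifest.xml", "classes.dex", "res/a.png"])
    doubled = build_sample(["AndroidManifest.xml", "AndroidManifest.xml",
                            "classes.dex", "classes.dex"])
    print(verdict(normal), duplicate_entries(normal))
    print(verdict(doubled), duplicate_entries(doubled))
```

A legitimately built APK has unique entry names, so any duplicate is worth rejecting before installation or flagging during app-store intake.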

This malware launches automatically after device boot. After launching, this application gathers backdoor configuration information from the host {BLOCKED}.180.178:8088, then sends SMS messages to several predefined phone numbers.

A service starts and runs in the background to receive remote commands by SMS. The SMS message contains commands that are shown to the user.

According to the received commands, the malware uploads the IMSI, IMEI, and phone number to the host {BLOCKED}.180.178 or sends an SMS message to the command sender.

This malware attempts to terminate antivirus service processes from “qihoo360” and “LBE”.

It reads the contact list, which it uses to send a message downloaded from a remote server. The said message prompts recipients to download and install another .APK file from http://{BLOCKED}.152.221/app/moji_3_0_3.apk.

It uploads the contact list to a remote server.


Minimum Scan Engine: 9.300

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.
