This spyware targets mobile banking users by posing as a fake token generator. During execution it asks for the user's password and generates a fake token while sending the user's information to a specific number and remote servers in the background.
To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below.
This spyware is an application that poses as a token generator from a certain bank. Users must enter a password. Otherwise, it displays an error.
It generates the fake token and executes its malicious code in the background.
This spyware may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.
File Size: 321,292 bytes
File Type: DEX
Initial Samples Received Date: 16 Mar 2012
Payload: Steals information, Compromises the security of the affected device
This spyware may be unknowingly downloaded by a user while visiting malicious websites.
It may be manually installed by a user.
It is an application that poses as a token generator from a certain bank. Upon execution, it displays the following:
Users must enter a password. Otherwise, it displays an error.
When users click Generar, it generates the fake token and executes its malicious code in the background. It gathers the following information:
It sends these information along with the password entered to the following number:
It also sends these information to the following remote servers:
It also steals the following information from the affected device:
It also has the capability to execute itself at a scheduled time. This enables the malware to run a background service and listen for commands from the remote servers. These include the following commands:
Download and install another APK
Send the contacts list and SMS messages to the remote server
Update the number where stolen information are sent
Minimum Scan Engine: 9.200
TMMS Pattern File: 1.201.00
TMMS Pattern Date: 16 Mar 2012
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.