ANDROIDOS_GCMBOT.A
Information Stealer, Premium Service Abuser, Click Fraud, Malicious Downloader, Spying Tool
Android OS
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
TECHNICAL DETAILS
Arrival Details
This backdoor may be downloaded from the following remote sites:
- http://{BLOCKED}ram.com
NOTES:
It is distributed via Instagram spam, which lures users into getting ‘Free Followers’ by using this malware.
It uses the following names to trick users into thinking this legitimate:
- Signal Booster
- Battery Booster
On the background, it connects to the following URL to receive commands in sending premium SMS and leaking user device information:
- http://{BLOCKED}8.mobi/pat.php
It also uses C2DM protocol to connect to another server where it waits for its remote commands. The following are the said remote commands:
- Creates an icon on home screen
- Pushes artibitary notification, which can potentially bring more threats on the affected device
- Opens a certain URL
- Sends SMS to received number
SOLUTION
Step 1
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Step 2
Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_GCMBOT.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.