- Threat Encyclopedia
- Malware
- ANDROIDOS_GCMBOT.A
Information Stealer, Premium Service Abuser, Click Fraud, Malicious Downloader, Spying Tool
Android OS
Arrival Details
This backdoor may be downloaded from the following remote sites:
NOTES:
It is distributed via Instagram spam, which lures users into getting ‘Free Followers’ by using this malware.
It uses the following names to trick users into thinking this legitimate:
On the background, it connects to the following URL to receive commands in sending premium SMS and leaking user device information:
It also uses C2DM protocol to connect to another server where it waits for its remote commands. The following are the said remote commands:
Step 1
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.
Download and install the Trend Micro Mobile Security App via Google Play.
Step 2
Scan your computer with your Trend Micro product to delete files detected as ANDROIDOS_GCMBOT.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.