Analysis by: Sabrina Lei Sioting

ALIASES:

Andr/NewyearL-B (Sophos), Application:Android/Counterclank.A (Fsecure), Andr.Plangton-12 (Clamav), Android/Plankton.A!tr (Fortinet), Trojan.AndroidOS.Plankton (Ikarus), Android/Plankton.A trojan (Eset),

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Backdoor

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel: Downloaded from the Internet, Via app stores

This malicious app is known as Brightest Flashlight Free.

It gathers various information on the affected device. It may connect to a C&C server to send information gathered.

It is capable of setting bookmarks, setting browser homepage, and getting shortcuts on the device.

This backdoor may be manually installed by a user.

  TECHNICAL DETAILS

File Size: 887,876 bytes
File Type: DEX
Memory Resident: Yes
Initial Samples Received Date: 18 May 2012
Payload: Compromises system security, Connects to URLs/IPs, Steals information

Arrival Details

This backdoor may be manually installed by a user.

NOTES:
This is Trend Micro's detection for Android applications bundled with malicious code.

It may connect to its C&C server and send details regarding the infected device:

  • http://www.{BLOCKED}and.com/ProtocolGW/protocol/commands
Device details include:
  • brand
  • device
  • manufacturer
  • model
  • android version
  • device ID (IMEI)
  • display metrics
  • locale
  • SDK version
It waits for the backdoor commands from the server:
  • /activate
  • /homepage
  • /commandstatus
  • /bookmarks
  • /shortcuts
  • /notifications
  • /terminate
  • /dumplog
  • /unexpectedexception
  • /upgrade
  • /installation
  • /info
  • /optout
It has the capability to do the following routines:
  • get / set homepage of the browser
  • get / set bookmarks
  • set / get shortcuts
  • get / set notification link, title, icon and text

  SOLUTION

Minimum Scan Engine: 9.200
TMMS Pattern File: 1.243.00
TMMS Pattern Date: 18 May 2012

Step 1

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Step 2

Remove unwanted apps on your Android mobile device

[ Learn More ]

Did this description help? Tell us how we did.

Related Malware