Analysis by: Ecular Xu

 PLATFORM:

Android

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan Spy

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This malware is a variant of VMAP, a mobile component of targeted attacks that affected various sectors in the Middle East. It is capable of searching for and extracting information from affected devices, recording calls, locating devices via geolocation, and downloading and installing other applications.

  TECHNICAL DETAILS

File Size: 3940904 bytes
Memory Resident: Yes

NOTES:
ANDROIDOS_STEALERC32 disguises itself as a fake update to chat applications such as Facebook, WhatsApp, Messenger, LINE, and LoveChat.

Once installed on a device, ANDROIDOS_STEALERC32 performs the following actions:

  • Recording calls
  • Retrieving generic phone metadata (e.g., cell location, mobile country code, mobile network code)
  • Geolocating a device
  • Extracting SMS messages
  • Retrieving a victim's accounts
  • Exfiltrating images
  • Downloading and installing additional applications
  • Searching for and exfiltrating pdf, doc, docx, ppt, pptx, xls, and xlsx file types
  • Retrieving contacts
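Each capability in the list above maps to an Android permission the spyware must declare in its manifest, and the lure is a chat-app "update" whose package name is not the real vendor's. The following triage script, added here as an example and not Trend Micro tooling, scores a decoded AndroidManifest.xml against that capability set and flags chat-brand impersonation. The capability-to-permission table, the short allow-list of legitimate package names, and both sample manifests are constructed for the example; a real APK's manifest is binary XML and must first be decoded (for instance with apktool or androguard) before it can be parsed this way.

```python
"""Manifest triage heuristic for ANDROIDOS_STEALERC32-style spyware (constructed example)."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: behaviours reported for this family mapped to the Android
# permissions each one requires. Any one permission in a set is enough.
CAPABILITY_PERMISSIONS = {
    "record calls": {"android.permission.RECORD_AUDIO"},
    "phone metadata / cell location": {"android.permission.READ_PHONE_STATE",
                                       "android.permission.ACCESS_COARSE_LOCATION"},
    "geolocate device": {"android.permission.ACCESS_FINE_LOCATION"},
    "read SMS": {"android.permission.READ_SMS"},
    "enumerate accounts": {"android.permission.GET_ACCOUNTS"},
    "read images and documents": {"android.permission.READ_EXTERNAL_STORAGE"},
    "install additional apps": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "read contacts": {"android.permission.READ_CONTACTS"},
}

# Chat brands the Trojan poses as, matched on word boundaries so that
# "line" does not fire on "online" or "baseline".
CHAT_BRAND_RE = re.compile(r"\b(facebook|whatsapp|messenger|line|lovechat)\b")

# Assumption: a short allow-list of the genuine vendors' package names.
LEGIT_PACKAGES = {"com.whatsapp", "com.facebook.katana",
                  "com.facebook.orca", "jp.naver.line.android"}

# Constructed sample: a fake "WhatsApp Update" declaring the full capability set.
SPYWARE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.whatsapp.update">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="WhatsApp Update"/>
</manifest>"""

# Constructed sample: an ordinary app with a single network permission.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""


def parse_manifest(xml_text):
    """Return (package, label, set of declared permissions) from decoded manifest XML."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {e.get(ANDROID_NS + "name", "") for e in root.iter("uses-permission")}
    app = root.find("application")
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""
    return package, label, perms


def matched_capabilities(perms):
    """Capabilities whose required permissions the manifest declares."""
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items() if needed & perms)


def impersonates_chat_app(package, label):
    """True when a chat brand appears in the name but the package is not the vendor's."""
    haystack = (package + " " + label).lower()
    return bool(CHAT_BRAND_RE.search(haystack)) and package not in LEGIT_PACKAGES


def triage(xml_text):
    """Score a manifest: 'high' needs impersonation plus a broad spyware permission set."""
    package, label, perms = parse_manifest(xml_text)
    caps = matched_capabilities(perms)
    spoof = impersonates_chat_app(package, label)
    if spoof and len(caps) >= 4:
        verdict = "high"
    elif spoof or len(caps) >= 4:
        verdict = "medium"
    else:
        verdict = "low"
    return {"package": package, "label": label, "capabilities": caps,
            "impersonation": spoof, "verdict": verdict}


if __name__ == "__main__":
    for name, manifest in (("spyware", SPYWARE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage(manifest))
```

The thresholds are a starting point for analyst triage, not a detection signature: many legitimate apps request several of these permissions, so the score is only meaningful combined with the impersonation check and a look at where the APK came from (a chat app's genuine update never arrives as a sideloaded package).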

  SOLUTION

    Minimum Scan Engine: 9.850

    NOTES:
    Scan your device with your Trend Micro product to delete apps detected as ANDROIDOS_STEALERC32. If the detected apps have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required.
