This malware is a variant of a VMAP, a mobile component of targeted attacks which affected various sectors in the Middle East. It is capable of searching and extracting information from affected units, record calls, locating devices via geolocation, and downloading and installing other applications.
File Size: 3940904 bytes
Memory Resident: Yes
NOTES: ANDROIDOS_STEALERC32 pretends itself as fake updates to chat applications like Facebook, WhatsApp, Messenger, LINE, and LoveChat.
Once installed on a device ANDROIDOS_STEALERC32 will perform the following actions:
Retrieving generic phone metadata (e.g., cell location, mobile country code, mobile network code)
Geolocating a device
Extracting SMS messages
Retrieving a victim's accounts
Downloading and installing additional applications
Searching for and exfiltrating pdf, doc, docx, ppt, pptx, xls, and xlsx file types
Minimum Scan Engine: 9.850
NOTES: Scan your device with your Trend Micro product to delete APPs detected as ANDROIDOS_STEALERC32. If the detected APPs have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required.