Analysis by: Veo Zhang

 THREAT SUBTYPE:

Information Stealer

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel: Via app stores

These malicious apps are found to gather account information from users' devices, including Google, Facebook, and Twitter account details. These apps use various social engineering techniques in order to appear legitimate on Google Play. As of this writing, the apps are still available on Google Play.

  TECHNICAL DETAILS

File Size: 894988 bytes
File Type: APK
Memory Resident: Yes
Initial Samples Received Date: 21 Jan 2014
Payload: Collects system information

NOTES:

This malware appears as several apps on Google Play.

The app names are: "Sexy Girls Video Hot Photo", "Arkadas Sevgili Bul SevgiLand", "Buscar Amigo Amor", "Scare Them! Funny Scary Joke". The apps have been downloaded and installed on more than 50,000 Android devices.

When users launch the app and unknowingly click the only image in it, the app gathers the following account information:

  • Google account names
  • Facebook user names
  • Twitter user names

It sends the information to the following remote servers:

  • http://{BLOCKED}.{BLOCKED}.71.142/s/s2.php?apptype=SPV1&email=
  • http://www.{BLOCKED}ideoapp.com/sg/sg.php?email=
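A defender-side check for the traffic described above, as an added example that is not part of the original report: it flags proxy-log requests whose path and query parameters match the two URL shapes listed here and groups the leaked values by client. The log format, hosts, client addresses and account values are constructed assumptions; the real hosts are redacted on this page, so matching is on path and parameters only.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Path and query-parameter shapes taken from the two URLs in this report.
# The hosts are redacted on the page, so they are not part of the match.
EXFIL_SHAPES = [
    {"path": "/s/s2.php", "required": {"apptype": "SPV1"}, "data_param": "email"},
    {"path": "/sg/sg.php", "required": {}, "data_param": "email"},
]

# Constructed proxy log lines (client, method, URL); hosts are placeholders.
SAMPLE_LOG = """\
10.0.0.21 GET http://192.0.2.10/s/s2.php?apptype=SPV1&email=alice%40example.com
10.0.0.21 GET http://192.0.2.10/s/s2.php?apptype=SPV1&email=alice.fb
10.0.0.35 GET http://video.example.test/sg/sg.php?email=bob%40example.com
10.0.0.35 GET http://shop.example.test/sg/sg.php?page=2
10.0.0.40 GET http://news.example.test/s/s2.php?apptype=OTHER&email=x%40example.com
10.0.0.40 GET http://news.example.test/index.php?email=
"""

LINE_RE = re.compile(r"^(\S+)\s+(GET|POST)\s+(\S+)$")

def match_exfil(url):
    """Return the decoded data-parameter value if the URL fits a known shape, else None."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    for shape in EXFIL_SHAPES:
        if parts.path.lower() != shape["path"]:
            continue
        if any(query.get(k, [None])[0] != v for k, v in shape["required"].items()):
            continue
        values = query.get(shape["data_param"])
        if values and values[0]:  # an empty email= carries no account data
            return values[0]
    return None

def scan(log_text):
    """Group leaked account identifiers by the client address that sent them."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and (leaked := match_exfil(m.group(3))) is not None:
            hits[m.group(1)].append(leaked)
    return dict(hits)

print(scan(SAMPLE_LOG))
```
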

Below are code screenshots of the malware behavior.

  SOLUTION

Minimum Scan Engine: 9.700
TMMS Pattern File: 1.711.00
TMMS Pattern Date: 11 Apr 2014

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

