Analysis by: Peter Yan


Premium Service Abuser


Android OS


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes


This is the malware associated with the fake WhatsApp notification. Once users click on the Play button in the said email, they are lead to a multi-platform malware that can execute on Windows, iOS, and Android devices.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This trojanized app tricks the user of the affected device into downloading more malicious apps by purporting itself to be a legitimate browser app.


File Size: 215,849 bytes
File Type: APK
Memory Resident: No
Initial Samples Received Date: 12 Sep 2013
Payload: Downloads files


It may be downloaded from the following remote sites:

  • http://{BLOCKED}

This malware pretends as a browser named Browser 6.5.

Once started, the malicious app opens an .HTML file bundled with it.

If the user clicks on the Agree button, the trojanized app then sends several SMS to a list of phone numbers. It then opens another .HTML file to ask the user to download an app from http://{BLOCKED}

The downloaded app may result in more malicious routines being exhibited in the affected system.


Minimum Scan Engine: 9.300
TMMS Pattern File: 1.567.00
TMMS Pattern Date: 12 Sep 2013

Step 1

Remove unwanted apps on your Android mobile device

[ Learn More ]

Step 2

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android smartphones and tablets from malicious and Trojanized applications. The App Scanner is free and detects malicious and Trojanized apps as they are downloaded, while SmartSurfing blocks malicious websites using your device's Android browser.

Download and install the Trend Micro Mobile Security App via Google Play.

Did this description help? Tell us how we did.