This malware leverages the Moplus SDK to automatically and periodically deploy unwanted applications onto Android devices. The Moplus SDK has been found to include backdoor capabilities.
For an at-a-glance view of this backdoor's behavior, refer to the Threat Diagram shown below.
This backdoor gathers device information. It sends stolen data to certain websites. This is the Trend Micro detection for Android applications bundled with malicious code.
Mobile Malware Routine
This backdoor is a file that collects the following information on an affected mobile device:
It gathers the following device information:
It posts the following information to its command and control (C&C) server:
It receives commands from the following C&C server(s):
It sends the gathered information via HTTP POST to the following URL(s):
It opens the following port(s):
It sends the information it gathers to remote sites.
Remove unwanted apps on your Android mobile device