ANDROIDOS_SMSSNOW.HRX

 Analysis by: Ecular Xu

 THREAT SUBTYPE:

Malicious Downloader

 PLATFORM:

AndroidOS


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet

This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

It uses a file name that tricks a user into thinking that it contains adult-related content.

It displays pop-up advertisements.

  TECHNICAL DETAILS

File Size:

2,652,850 bytes

File Type:

APK

File Compression:

ZIP

Memory Resident:

Yes

Initial Samples Received Date:

11 Nov 2015

Payload:

Connects to URLs/IPs, Displays ads

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

Installation

This Trojan uses a file name that tricks a user into thinking that it contains adult-related content.

Download Routine

This Trojan accesses the following websites to download files:


Adware Routine

This Trojan displays pop-up advertisements.

Mobile Malware Routine

This Trojan displays the following:

NOTES:

This Android app poses as a pornographic video player called 夜色影院. It uses an image of a woman to entice users to tap it.

Once launched, it accesses and downloads other malicious apps. If the device has been rooted, these apps are installed silently. If not, some icons appear on the home screen and prompt users to install them.

It contains a large amount of sexually explicit material that is unsuitable, especially for children. If the user clicks on any of the videos, a visible payment interface is presented.

It launches itself as the device boots up. It pushes ads aggressively on the top layer of the screen.

  SOLUTION

Minimum Scan Engine:

9.800

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increases device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:

