ANDROIDOS_CRUSEWIN.A

This Android malware acts as an SMS relay. It uses the infected device as proxy for sending and receiving SMS messages. As a result, affected users may be charged for sending SMS without their knowledge.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This malware has certain capabilities such as sending and receiving SMS, deleting SMS, getting installed applications, deleting and updating itself.

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

NOTES:
This Android malware acts as an SMS relay which receives SMS to be forwarded from a remote URL. As a result, affected users may be charged for sending SMS without their knowledge. This malware has the following capabilities:

• Send and receive SMS
• Delete SMS
• Get installed applications
• Delete itself
• Update Itself

• http://{BLOCKED}ind.net/flash/test.xml?imei={IMEI}&time={current time}

This malware also monitors the the affected phone's received SMS. If an SMS is from the number it sent to, the message is relayed to the following URL:

• http://{BLOCKED}ind.net/flash/in.php?imei={IMEI}&time={current time}

Once the message is posted, the malware deletes the SMS from the affected phone to hide itself from the user.

The list of applications installed in the affected phone is posted by the malware to the following link:

• http://{BLOCKED}ind.net/flash/list.php?imei={IMEI}&time={current time}

Please note that the analysis above is based from the XML configuration downloaded by the malware at the time of this writing and may change anytime.