[FSec] Failed Android Premium Rate SMS Trojan

We've found Android trojans that attempt to send SMS messages to premium rate SMS numbers. That's not unusual. What is different though is that these trojans don't work.

The trojans (detected as Trojan:Android/RuFailedSMS.A) use these permissions:

[Image: trojan_android_rufailedsms_permissions.png]


They pretend to be installers for a range of applications, with each malicious app offering to download a package (of what is presumably a popular app):

[Image: trojan_android_rufailedsms_main_ui.png]


Some of the 'offered' applications include:

• Add_It_Up
• Advanced_Launcher_Lite
• AmazingMaze_supLitesup
• Analog_Clock_Collection
• Animal_Sudoku
• AnySoftKeyboard
• AnySoftKeyboard_Slovak_Language_Pack
• AppInventor_Toggle
• Arrow_Caz
• Astronomical_Flashlight
• BentoCam!
• Bimaru_-_Battleship_Sudoku
• BlackJack
• Carve_a_Pumpkin_supLitesup
• Chinese_Chess
• Christmas_Ringtones
• Coloring_pages
• Contact_Finder_supLitesup
• Converter
• Countdown_Widget
• Crayon_Ball
• Cyan_aHome_Theme

Fortunately, due to some uncaught exception in the code, the trojan (SHA1: 0d2d3317c6ca1a9812d357741f45af6bb360d89c) doesn't complete its malicious activities - it just crashes and terminates:

[Image: trojan_android_rufailedsms_crashed.png]


We've found over a hundred copies of the trojans, but the large number doesn't make it technically advanced - the copies basically use the same source code, but just re-shuffled into different configurations for the different packages.

The malware was found on third-party Android markets and targets users in Russia, Belarus, Kazakhstan and Azerbaijan.

Even though these trojans crash and fail, we are still detecting them due to the apps' malicious routines and also because of the large number of copies circulating.


-----

ThreatSolutions post by - Jessie
On 27/12/11 At 10:13 AM
