Home / malware Trojan:Android/AutoSPSubscribe.A
First posted on 19 August 2011.
Source: SecurityHomeAliases :
There are no other names known for Trojan:Android/AutoSPSubscribe.A.
Explanation :
Trojan:Android/AutoSPSubscribe.A is a malicious app that targets Android users in China, and is distributed through unofficial markets. It takes advantage of the SMS-based subscription system that is commonly implemented in China to sign-up the user for certain services without the user€™s knowledge and consent.
Additional Details
This trojan sends SMS to service provider to quietly register the user for a service, which brings about unsolicited charges on the user's account.
Installation
Upon installation, the trojan requests the following permissions:
- restart packages
- write to external storage
- read contacts
- receive SMS
- read SMS
- write SMS
- send SMS
- read the phone state
- access the network state
- access to internet
Activity
Trojan:Android/AutoSPSubscribe.A monitors incoming messages and intercepts those that originate from the service provider and carry order information containing details and charges for a value-added service. It then automatically replies to the provider with the value "Y", which indicates user confirmation to subscribe to the service. (NOTE: By policy, service providers must receive confirmation from the user before being able to proceed with the billing).
The message that notifies user about the service and its charge
Further messages from the provider to user to notify about the subscription confirmation will be automatically deleted by the trojan, which leaves the user unaware of the charges placed on the user account.Last update 19 August 2011