Home / malware Trojan:AndroidOS/Qicsomos.A
First posted on 22 May 2012.
Source: MicrosoftAliases :
Trojan:AndroidOS/Qicsomos.A is also known as HEUR:Trojan-SMS.AndroidOS.Qicsom.a (Kaspersky), Trojan.AndroidOS.Qicsomos.A (VirusBuster), Android/Qicsomos.A (Avira), Android.Trojan.Qicsomos.A (BitDefender), Android.SmsSend.393 (Dr.Web), Android/TrojanSMS.Agent.AM trojan (ESET), Andr/Qicsomos-A (Sophos), Android.Qicsomos (Symantec), AndroidOS_QICSOMOS.A (Trend Micro).
Explanation :
Trojan:AndroidOS/Qicsomos.A is a trojan that runs on devices running the Android operating system. It pretends to be an app that uninstalls Carrier IQ software, but instead sends SMS messages to a premium number at a cost.
When run, Trojan:AndroidOS/Qicsomos.A may display the following installation details:
It requests for the following permissions:
- Permission to read the low-level system log files, which may contain your personal information
- Permission to send SMS messages
Trojan:AndroidOS/Qicsomos.A poses as an app that removes CarrierIQ software.
However, choosing to uninstall the app only sends the following premium codes to the number "81168".
- AT37
- MC49
- SP99
- SP93
You may be charged a fee for sending these premium codes.
Analysis by Tim Liu
Last update 22 May 2012
