Trojan:AndroidOS/Arspam.A
First posted on 01 February 2012.
Source: Microsoft
Aliases:
Trojan:AndroidOS/Arspam.A is also known as Android.Trojan.Arspam.A (BitDefender), Android.Arspam.1 (Dr.Web), Android/TrojanSMS.Arspam.A trojan (ESET), Trojan-SMS.AndroidOS.Arspam.a (Kaspersky), Andr/Arspam-A (Sophos), Android.Arspam (Symantec).
Explanation:
Trojan:AndroidOS/Arspam.A is a trojan that affects mobile devices running the Android operating system.
Installation
When installed, it may display the following messages:
and may request a number of permissions, including:
- Access the user's current location
- Access the built-in camera
- Delete packages
- Enable or disable Bluetooth
- Install packages
- Modify audio settings
- Mount and format the file system
- Read and write on the device calendar, contacts, history, SMS messages, and others
- Send SMS messages
- Set the time zone and wallpaper
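As an added example (not part of the original write-up), the following Python triages a decoded AndroidManifest.xml against the permissions listed above. The mapping from the descriptions above to android.permission.* constants, the review rule, the helper names and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping of the permissions described above to Android constants.
LISTED = {P + n for n in (
    "ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION", "CAMERA",
    "DELETE_PACKAGES", "BLUETOOTH_ADMIN", "INSTALL_PACKAGES",
    "MODIFY_AUDIO_SETTINGS", "MOUNT_FORMAT_FILESYSTEMS", "READ_CALENDAR",
    "WRITE_CALENDAR", "READ_CONTACTS", "WRITE_CONTACTS", "READ_SMS",
    "WRITE_SMS", "SEND_SMS", "SET_TIME_ZONE", "SET_WALLPAPER")}
# Package management is documented as not for use by third-party apps.
SYSTEM_ONLY = {P + "INSTALL_PACKAGES", P + "DELETE_PACKAGES"}
# Held together, these let an app text every address-book entry.
SMS_TO_CONTACTS = {P + "SEND_SMS", P + "READ_CONTACTS"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def triage(manifest_xml):
    """Summarise how a manifest overlaps with the listed permission set."""
    perms = requested_permissions(manifest_xml)
    system_only = sorted(perms & SYSTEM_ONLY)
    can_sms = SMS_TO_CONTACTS <= perms
    return {"overlap": sorted(perms & LISTED), "system_only": system_only,
            "can_sms_contacts": can_sms,
            "review": can_sms and bool(system_only)}

def _manifest(package, names):
    """Build a constructed sample manifest (not from any real package)."""
    uses = "".join(f'<uses-permission android:name="{P}{n}"/>' for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/'
            f'android" package="{package}">{uses}</manifest>')

SUSPECT = _manifest("example.suspect", ["SEND_SMS", "READ_CONTACTS",
                                        "INSTALL_PACKAGES", "CAMERA", "INTERNET"])
BENIGN = _manifest("example.camera", ["CAMERA", "ACCESS_FINE_LOCATION", "INTERNET"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(xml))
```

The input is the text form of the manifest, as produced by an APK decoding tool; the binary XML inside an APK must be decoded first.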
When run, it may appear as the following:
Payload
Sends out a link to all contacts
Trojan:AndroidOS/Arspam.A sends a link to all of the user's contacts. The link may be a URL to any of the following sites:
Trojan:AndroidOS/Arspam.A downloads the following PDF file:
http://www.alwasatnews.com/data/2011/3382/BICIreportAR.pdf
Analysis by Tim Liu
Last update 01 February 2012