Security Apps for Android

Malware information: Android SMS Fake installer

Risk Level: Damage: Distribution:
NameAndroid SMS Fake installer
Malware typeScam
GeoRussia
Score3
Date Discovered05.11.2011
Date Added05.11.2011

 

We have seen lately more 3rd party Russian app stores to contain Trojans and malicious Android applications.
The last trend seen in those 3rd party websites is requesting from the user the sending of premium SMS numbers (usually three) to install the requested application.
What those application authors forgot to tell those users is that those apps exactly can be downloaded for free from the official Android market.
Our advice to the users:
Download your applications only from trusted sources only and avoid shady 3rd party app stores and forums.

Method of InfectionInstalling an APK file
Encryptedno
Distribution PotentialLow
In the wildYes
Overall Risk RatingLow
Damage PotentialLow
Reverse infoAvailable
SymptomsSMSs sent to premium numbers to start a process of application installation

Package name:
The package name of the malware is “com.depositmobi“:

 
Permissions:
The permissions requested by the malware are:
 
 
What the user’s see after installing the malware:
After the user installs the application an icon with the text ‘Install’ appear on the device:
 
 
 
Agreement:
If the user chooses to open it than he will see the following message asking him if he agree to the terms of the download:
 
 
Most of the users will press ‘Install’ at this point without knowing that the app will charge them as they are not aware it is being displayed in the ‘Rules’ button.
 
The users that press ‘Rules’ button will see a very hard to read screen with a lot of text that mention in it the payment of sending up to 3 SMS messages.
 
There’s no description about the numbers it will send SMSs or the fee that will be charged.
 
 
 
more technical details:
In the code we could find the list of all the countries with their extensions so that the SMS could be charged whether it was installed and used in Russia or in some other country:
 
 
 
Here we can see the checks in the app whether the SMSs have been sent:
 
 
Here we can see the SMSs been sent to the hard coded premium numbers:
 
 
The author of the app could tell if he need to display the texts in Russian or in English that can be understood by millions of Android users:
 
 
‘Raw’ folder in the APK file contain a file named ‘countries’ that contain examples of text in different languages:
 
 

 

AVG Mobilation Anti-Virus Free and Pro products provide protection against this threat.
In order for the protection to be activated, update your Android phone with our latest version.
Keep your device safe with AVG Mobilation Anti-Virus Free and Pro products.
Download now from http://www.avgmobilation.com/products.html

How to avoid from getting infected:
When installing new apps to your Android device, always look at the permissions an application requests to approve and make sure the list seems appropriate.

Free antivirus for mobile
The most popular Antivirus for Android™ devices
  • Identify and remove viruses with one easy click
  • Download apps, music and videos with confidence
  • Locate, lock and wipe your device if lost or stolen
Download free antivirus app
Ultimate protection for Android Smartphones
Upgrade to ultimate protection for professional users.
  • Complete protection from SMS spam, scams and phishing attempts
  • VIP support when you need it to keep you working
  • No disruptions or advertising
Protect your Smartphone now!
backup of all your contacts and preferences
Secure backup of all your contacts and preferences
COMING SOON
Mobile control panel
For existing Antivirus
and Antivirus PRO users
  • Login for remote management of your Android™ device.



Login