Yet another discovery from our SherlockDroid/Alligator, while we were scanning an ‘alternative’ marketplace for Android: Android/Odpa.A!tr.spy
This sample is a smartphone cleaner that gives the end-user the opportunity to clean up obsolete or unused data from the device. In theory, this looks like a good idea. Unfortunately, the HTTP requests the sample posts are far from clean. As soon as you click on the icon, the malware posts over 25 system properties (yes, that many!) along with other private information such as your phone number, IMEI, MAC address, and whether the device is rooted. Note that this count does not include the traffic sent to advertisers like Umeng, which also receive plenty of data, such as the country, timezone, device model, CPU model, IMEI, the date at which you launched the application, etc.
Fortinet Blog | News and Threat Research Clean for the phone, but not clean in the code
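To check an app's captured traffic for the kind of leak described above, an analyst can search each POST body for the test device's own identifiers. The sketch below is an added example, not code from the original post or from SherlockDroid/Alligator; the device values, field names and sample body are constructed, and it goes slightly beyond the post by also matching MD5/SHA-1 hashed forms of the identifiers.

```python
import hashlib
from urllib.parse import parse_qsl

# Constructed identifiers for a lab device; replace with your test handset's values.
DEVICE = {
    "imei": "490154203237518",
    "mac": "00:11:22:aa:bb:cc",
    "phone": "+15555550100",
}

# Constructed form-encoded body (field names are assumptions, not the sample's own).
SAMPLE_BODY = (
    "imei=490154203237518&mac=00%3A11%3A22%3AAA%3ABB%3ACC&tel=15555550100"
    "&model=Nexus+4&root=0&did=" + hashlib.md5(b"490154203237518").hexdigest()
)

def wire_forms(value):
    """Return {form_name: string} for the ways a value may appear in a request."""
    plain = value.lower()
    bare = plain.replace(":", "").lstrip("+")  # separators and '+' stripped
    forms = {"plain": plain, "bare": bare}
    for algo in ("md5", "sha1"):
        forms[algo] = hashlib.new(algo, value.encode()).hexdigest()
    return forms

def audit_body(body, device=DEVICE):
    """Parse a form-encoded POST body and list fields carrying device identifiers."""
    fields = parse_qsl(body, keep_blank_values=True)
    leaks = []
    for key, raw in fields:
        val = raw.strip().lower()
        for ident, secret in device.items():
            for form, needle in wire_forms(secret).items():
                if needle in val:
                    leaks.append((key, ident, form))
                    break  # report one form per identifier per field
    return {"field_count": len(fields), "leaks": leaks}

if __name__ == "__main__":
    report = audit_body(SAMPLE_BODY)
    print(f"{report['field_count']} fields posted")
    for key, ident, form in report["leaks"]:
        print(f"  field '{key}' carries {ident} ({form})")
```

The `field_count` value gives a quick measure of how much a single request carries, and each entry in `leaks` names the field, the identifier it exposes and the form it was sent in.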