Trojan:Android/Adrd.A

by Carol~ Moderator - 2/16/11 11:37 AM

In Reply to: NEWS - February 16, 2011 by Carol~ Moderator

From the F-Secure Weblog:

A few days back, Mikko tweeted about a new Android trojan named ADRD (we detect it as Trojan:Android/Adrd.A).

ADRD was mostly found included in several applications from a third-party application provider in China, with the applications repackaged to contain the trojan. So far, most of the infected applications have been wallpaper-related.

Here is an example of an infected application: [Screenshot]

An installed application infected with ADRD may show these permissions: [Screenshot]

These permissions enable ADRD to start its routine during phone start up, changing of data connection such as enabling/disabling network data access. Some of its permissions may include access to the SD card, the phone and the Access Point Name (APN) settings.

ADRD's functionality appears to involve contacting a remote host, which may be:

• adrd.tax[..].net
• adrd.xiax[..].com

and sending the phone's info - specifically, the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI). Data being transmitted is DES encrypted.

Continued : http://www.f-secure.com/weblog/archives/00002100.html

Also:
New Android Trojan Surfaces in China
New Android Trojan horse could prove costly
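
A triage check for the permission combination described in the F-Secure excerpt above, as an added example that is not part of the original post or F-Secure's tooling. It reads a decoded AndroidManifest.xml; the permission names are an assumed mapping from the capabilities the post lists, and the manifests, package name and threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: the post shows the permissions only in a screenshot, so these
# standard Android permission names are inferred from the capabilities it lists.
CAPABILITIES = {
    "start at boot": "android.permission.RECEIVE_BOOT_COMPLETED",
    "change data connection": "android.permission.CHANGE_NETWORK_STATE",
    "SD card access": "android.permission.WRITE_EXTERNAL_STORAGE",
    "phone identity (IMEI/IMSI)": "android.permission.READ_PHONE_STATE",
    "APN settings": "android.permission.WRITE_APN_SETTINGS",
    "network access": "android.permission.INTERNET",
}

def manifest(*perms):
    """Build a constructed, decoded AndroidManifest.xml for the demo."""
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.wallpaper">{body}</manifest>')

# Constructed samples: a repackaged-looking wallpaper app and an ordinary one.
SUSPECT = manifest("SET_WALLPAPER", "RECEIVE_BOOT_COMPLETED", "CHANGE_NETWORK_STATE",
                   "WRITE_EXTERNAL_STORAGE", "READ_PHONE_STATE", "WRITE_APN_SETTINGS", "INTERNET")
ORDINARY = manifest("SET_WALLPAPER", "INTERNET")

def requested_permissions(manifest_xml):
    """Return the permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def triage(manifest_xml, threshold=4):
    """Flag apps that can read phone identity, reach the network, and match
    at least `threshold` (hypothetical cut-off) of the listed capabilities."""
    perms = requested_permissions(manifest_xml)
    matched = sorted(cap for cap, name in CAPABILITIES.items() if name in perms)
    can_send_ids = {"phone identity (IMEI/IMSI)", "network access"} <= set(matched)
    return {"matched": matched, "review": can_send_ids and len(matched) >= threshold}

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("ordinary", ORDINARY)):
        print(label, triage(xml))
```

A match only marks an app for closer review; many legitimate apps request several of these permissions.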