Andr/BBridge-A is a Trojan family that targets Android devices. When first run, the Trojan drops its payload (located in “assets/anServerB.so” in the original package) as com.sec.android.bridge.apk, and displays a button asking the user to install it.
The Trojan collects the following information and sends it to a remote site via HTTP:
- Subscriber ID (e.g. IMSI for a GSM phone)
- IMEI
- Phone number
- Network country ISO
- Phone model
- Android OS version
- SIM card info
The payload also contains the following functionalities:
- Send SMS messages
- Scan SMS messages
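- Remove SMS messages from the inbox (such as messages from China Mobile that contain the message body “尊敬的用户,由于未经您的授权,本次请求未成功,如需使用,请致电10086进行开通,中国移动。”, which translates as “Dear user, because you have not authorized it, this request was unsuccessful. To use the service, please call 10086 to activate it. China Mobile.”) in order to prevent users from getting fee consumption updates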
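A static triage check for the dropper behaviour described above, as an added example (not part of the original description or of any vendor tooling): it looks inside an APK for the asset path named on this page and for any `.so` asset whose header is not ELF. That the payload asset is itself a ZIP/APK is an assumption, and the sample archives are harmless and constructed for illustration.

```python
import io
import zipfile

# Asset path named in the description above.
PAYLOAD_ASSET = "assets/anServerB.so"
ELF_MAGIC = b"\x7fELF"
ZIP_MAGIC = b"PK\x03\x04"


def triage_apk(apk_bytes):
    """Return a list of (finding, asset_name) tuples for one APK given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if not name.startswith("assets/"):
                continue
            with apk.open(info) as fh:
                head = fh.read(4)
            if name == PAYLOAD_ASSET:
                findings.append(("known-asset-name", name))
            # Assumption: a genuine native library starts with the ELF magic,
            # so a *.so asset that is really a ZIP/APK is an embedded package.
            if name.endswith(".so") and head != ELF_MAGIC:
                kind = "embedded-zip" if head == ZIP_MAGIC else "not-elf"
                findings.append((kind, name))
    return findings


def _build_zip(members):
    """Build a constructed, harmless ZIP archive from a name -> bytes mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one outer archive hiding a ZIP behind the .so name,
# and one with a plausible ELF header under assets/.
_INNER = _build_zip({"classes.dex": b"placeholder"})
SUSPECT = _build_zip({"AndroidManifest.xml": b"placeholder", PAYLOAD_ASSET: _INNER})
CLEAN = _build_zip({"assets/libreal.so": ELF_MAGIC + b"\x02\x01\x01\x00"})

if __name__ == "__main__":
    print(triage_apk(SUSPECT))
    print(triage_apk(CLEAN))
```

A hit on the asset name alone is weak evidence, since names are trivially changed; the header mismatch is the more durable signal.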
Examples of Andr/BBridge-A include:
Example 1
File Information
- Size: 1.8M
- SHA-1: 000e2aba277595ac687f29f310e748587d1b26e5
- MD5: 5aada12f882c13586e46dc7c29155fbe
- CRC-32
- File type: Android application package (APK) file
- First seen: 2021-01-11
Example 2
File Information
- Size: 3.4M
- SHA-1: 001c13d121a6dab6f9f1f27f1bb04fc13f2f8acf
- MD5: f4d12c1ca193647dd452d7ed5b8832a8
- CRC-32
- File type: Android application package (APK) file
- First seen: 2021-01-19
Example 3
File Information
- Size: 1.8M
- SHA-1: 002201600666a408a723d63402d190fd574817b3
- MD5: 2e0660ab087be3ca3d861ad22eb7b3be
- CRC-32
- File type: Android application package (APK) file
- First seen: 2020-12-10