Andr/BBridge-A

Category: Viruses and Spyware
Protection available since: 07 May 2017 06:44:33 (GMT)
Type: Trojan
Last Updated: 07 May 2017 06:44:33 (GMT)
Prevalence: Small Number of Reports


Andr/BBridge-A is a Trojan family that targets Android devices. When first run, the Trojan drops its payload (located in “assets/anServerB.so” in the original package) as com.sec.android.bridge.apk and displays a button asking the user to install it.
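
A static triage check for the dropper layout described above, added here as an example (it is not Sophos code): it flags the asset name given on this page and any `.so` entry in an APK that is really a ZIP/APK archive. It assumes the payload is stored unencrypted; the function names and the in-memory sample archives are constructed for illustration.

```python
import io
import zipfile

PAYLOAD_ASSET = "assets/anServerB.so"  # asset path named in the description
ZIP_MAGIC = b"PK\x03\x04"              # APKs are ZIP archives
ELF_MAGIC = b"\x7fELF"                 # a genuine shared object starts with this


def scan_apk(apk_bytes):
    """Return (finding, entry_name) tuples for suspicious .so entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if not name.endswith(".so"):
                continue
            with apk.open(info) as fh:
                head = fh.read(4)
            if name == PAYLOAD_ASSET:
                findings.append(("known-payload-name", name))
            if head == ZIP_MAGIC:
                # Installable package hidden behind a native-library extension
                findings.append(("archive-disguised-as-so", name))
            elif head != ELF_MAGIC:
                # Not ELF and not ZIP: possibly an encoded payload (assumption)
                findings.append(("so-not-elf", name))
    return findings


def make_zip(entries):
    """Build a ZIP archive in memory from {name: bytes} (test helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples, not real malware: a stand-in inner APK, an outer APK
# carrying it under the asset name, and a benign APK with a real ELF header.
INNER_APK = make_zip({"AndroidManifest.xml": b"<manifest/>"})
SUSPICIOUS = make_zip({"classes.dex": b"dex\n035\x00", PAYLOAD_ASSET: INNER_APK})
CLEAN = make_zip({"lib/armeabi/libfoo.so": ELF_MAGIC + bytes(12)})

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, scan_apk(sample))
```

The content check still fires when the asset has been renamed, which the name match alone would miss.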

The Trojan collects the following information and sends it to a remote site via HTTP:

  • Subscriber ID (e.g. IMSI for a GSM phone)
  • IMEI
  • Phone number
  • Network country ISO
  • Phone model
  • Android OS version
  • Sim Card info


The payload also contains the following functionalities:

  • Send SMS messages
  • Scan SMS messages
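  • Remove SMS messages from the inbox (such as messages from China Mobile that contain the message body “尊敬的用户,由于未经您的授权,本次请求未成功,如需使用,请致电10086进行开通,中国移动。”, in English: “Dear user, because you have not authorized it, this request was unsuccessful. To use the service, please call 10086 to activate it. China Mobile.”) in order to prevent users from receiving fee consumption updates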

Examples of Andr/BBridge-A include:

Example 1

File Information

Size: 1.8M
SHA-1: 000e2aba277595ac687f29f310e748587d1b26e5
MD5: 5aada12f882c13586e46dc7c29155fbe
CRC-32:
File type: Android application package (APK) file
First seen: 2021-01-11

Example 2

File Information

Size: 3.4M
SHA-1: 001c13d121a6dab6f9f1f27f1bb04fc13f2f8acf
MD5: f4d12c1ca193647dd452d7ed5b8832a8
CRC-32:
File type: Android application package (APK) file
First seen: 2021-01-19

Example 3

File Information

Size: 1.8M
SHA-1: 002201600666a408a723d63402d190fd574817b3
MD5: 2e0660ab087be3ca3d861ad22eb7b3be
CRC-32:
File type: Android application package (APK) file
First seen: 2020-12-10