Andr/SMSRep-B

Category: Viruses and SpywareProtection available since:31 May 2011 05:20:07 (GMT)
Type: TrojanLast Updated:07 Mar 2013 07:35:43 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Andr/SMSRep-B is a Trojan that targets Android devices.

Andr/SMSRep-B uses a stolen Rapport icon and displays a simple screen when launched on affected device.

The Trojan registers a Broadcast receiver which intercepts all received SMS messages and forwards the messages to a malicious web server using HTTP POST requests. The stolen SMS messages are encoded using a JSON encoding scheme, often used by various web services.

For more information, please check http://nakedsecurity.sophos.com/2011/07/09/android-malware-spies-sms-messages-zeus-family/

Examples of Andr/SMSRep-B include:

Example 1

File Information

Size
7.6K
SHA-1
0c2b25c684be2f3b6ec28e8c62780b633b5a1a00
MD5
cf6b87aa1daf282d05db3a67f1129f3b
CRC-32
f3847606
File type
Unspecified binary - probably data
First seen
2011-11-15

Example 2

File Information

Size
8.2K
SHA-1
0d3b251680ce760d44946a79ea6e944710ccdf8e
MD5
da879d8cf7a3be51ef2386d8b9d3af3d
CRC-32
e3641154
File type
Unspecified binary - probably data
First seen
2011-11-12

Other vendor detection

Kaspersky
Trojan-Spy.AndroidOS.Zitmo.e

Example 3

File Information

Size
20K
SHA-1
1068fb7718487b22e547180d3492053383d20930
MD5
aa8df3121ce4c3e171c49c4c985208b7
CRC-32
1aa7e164
File type
JAR archive file
First seen
2012-01-10