Andr/SMSRep-B is a Trojan that targets Android devices.
Andr/SMSRep-B uses a stolen Rapport icon and displays a simple screen when launched on an affected device.
The Trojan registers a broadcast receiver that intercepts all received SMS messages and forwards them to a malicious web server using HTTP POST requests. The stolen SMS messages are encoded as JSON, a format commonly used by web services.
For more information, please check http://nakedsecurity.sophos.com/2011/07/09/android-malware-spies-sms-messages-zeus-family/
Examples of Andr/SMSRep-B include:
Example 1
File Information
- Size: 7.6K
- SHA-1: 0c2b25c684be2f3b6ec28e8c62780b633b5a1a00
- MD5: cf6b87aa1daf282d05db3a67f1129f3b
- CRC-32: f3847606
- File type: Unspecified binary - probably data
- First seen: 2011-11-15
Example 2
File Information
- Size: 8.2K
- SHA-1: 0d3b251680ce760d44946a79ea6e944710ccdf8e
- MD5: da879d8cf7a3be51ef2386d8b9d3af3d
- CRC-32: e3641154
- File type: Unspecified binary - probably data
- First seen: 2011-11-12
Other vendor detection
- Kaspersky: Trojan-Spy.AndroidOS.Zitmo.e
Example 3
File Information
- Size: 20K
- SHA-1: 1068fb7718487b22e547180d3492053383d20930
- MD5: aa8df3121ce4c3e171c49c4c985208b7
- CRC-32: 1aa7e164
- File type: JAR archive file
- First seen: 2012-01-10