Andr/SMSRep-B

    Category: Viruses and SpywareProtection available since:31 May 2011 05:20:07 (GMT)
    Type: TrojanLast Updated:07 Mar 2013 07:35:43 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    Andr/SMSRep-B is a Trojan that targets Android devices.

    Andr/SMSRep-B uses a stolen Rapport icon and displays a simple screen when launched on affected device.

    The Trojan registers a Broadcast receiver which intercepts all received SMS messages and forwards the messages to a malicious web server using HTTP POST requests. The stolen SMS messages are encoded using a JSON encoding scheme, often used by various web services.

    For more information, please check http://nakedsecurity.sophos.com/2011/07/09/android-malware-spies-sms-messages-zeus-family/

    Examples of Andr/SMSRep-B include:

    Example 1

    File Information

    Size
    7.6K
    SHA-1
    0c2b25c684be2f3b6ec28e8c62780b633b5a1a00
    MD5
    cf6b87aa1daf282d05db3a67f1129f3b
    CRC-32
    f3847606
    File type
    Unspecified binary - probably data
    First seen
    2011-11-15

    Example 2

    File Information

    Size
    8.2K
    SHA-1
    0d3b251680ce760d44946a79ea6e944710ccdf8e
    MD5
    da879d8cf7a3be51ef2386d8b9d3af3d
    CRC-32
    e3641154
    File type
    Unspecified binary - probably data
    First seen
    2011-11-12

    Other vendor detection

    Kaspersky
    Trojan-Spy.AndroidOS.Zitmo.e

    Example 3

    File Information

    Size
    20K
    SHA-1
    1068fb7718487b22e547180d3492053383d20930
    MD5
    aa8df3121ce4c3e171c49c4c985208b7
    CRC-32
    1aa7e164
    File type
    JAR archive file
    First seen
    2012-01-10

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection