The Latest in IT Security

“Battery Doctor” Android Scareware

24 Oct 2011

A new piece of “scareware” targeting mobile devices running Google’s Android operating system claims to be able to recharge the battery. It can also steal information.

When the program first executes, an overview window appears. It shows information about the battery and running applications, and a second pie chart on the right side of the screen shows the available storage space.

The program loads as a service called NotifAdSDK, which checks in (and sends along your profile information) every four hours.

Battery Doctor sends the following information to its home server “push.m[xxxx]ze.com”:
-Its screen size;
-The version of the browser and OS on the device;
-The program which is generating the traffic (com.androidupgrade.battery) and its version;
-The name of the campaign;
-The device’s manufacturer and model;
-The network the device uses;
-The phone’s coarse (mobile network) or fine (GPS) location;
-The IMEI and phone number;
-The app’s API key;
-A unique identifier for the device.
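
As an added example (not part of the original post or the analyst's work), the Python below shows detection logic a defender could run over proxy logs: it flags client-to-host flows that repeat at the four-hour check-in interval described above and reports whether their payloads carry a Luhn-valid 15-digit number such as an IMEI. The log format, the `push.example.invalid` placeholder host, the 10-minute tolerance and the three-hit minimum are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample proxy log (time, client, host, request body); not from the post.
# The host is a placeholder: the post redacts the real server name.
SAMPLE_LOG = """\
2011-10-20T00:00:05 10.0.0.7 push.example.invalid pkg=com.androidupgrade.battery&imei=490154203237518
2011-10-20T04:00:11 10.0.0.7 push.example.invalid pkg=com.androidupgrade.battery&imei=490154203237518
2011-10-20T08:00:02 10.0.0.7 push.example.invalid pkg=com.androidupgrade.battery&imei=490154203237518
2011-10-20T00:10:00 10.0.0.9 shop.example.invalid order=123456789012345
2011-10-20T00:45:00 10.0.0.9 shop.example.invalid order=123456789012345
2011-10-20T03:00:00 10.0.0.9 shop.example.invalid order=123456789012345
"""

def luhn_ok(digits):
    """True if the digit string passes the Luhn check that valid IMEIs satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_imei(body):
    """True if the body contains a standalone 15-digit, Luhn-valid number."""
    return any(luhn_ok(m) for m in re.findall(r"(?<!\d)\d{15}(?!\d)", body))

def find_beacons(log_text, period_s=4 * 3600, tolerance_s=600, min_hits=3):
    """Return {(client, host): carries_imei} for flows whose median gap is ~period_s."""
    seen = defaultdict(lambda: ([], []))
    for line in log_text.splitlines():
        ts, client, host, body = line.split(maxsplit=3)
        times, bodies = seen[(client, host)]
        times.append(datetime.fromisoformat(ts))
        bodies.append(body)
    flagged = {}
    for key, (times, bodies) in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if abs(median(gaps) - period_s) <= tolerance_s:
            flagged[key] = any(has_imei(b) for b in bodies)
    return flagged

if __name__ == "__main__":
    for (client, host), imei in find_beacons(SAMPLE_LOG).items():
        print(client, host, "IMEI in payload" if imei else "no IMEI seen")
```

A flagged flow with no IMEI can still be a benign periodic sync, so the identifier check is what raises the priority of a hit.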

Thanks to Sandip for analyzing the sample. Quick Heal Mobile Security detects the file as Android.Batterydoctor.A.

Users are advised to install apps only from trusted sites.
