The Latest in IT Security

“Battery Doctor” Android Scareware


A new “scareware” targeting mobile devices running Google’s Android operating system claims about its ability to recharge the battery. It also has the ability to steal information.

When the program first executes, below overview window appears. As you can see, it shows information about the battery and running applications and second pie chart on the right side of the screen shows, available storage space.

The program loads as a service called NotifAdSDK, which checks in (and sends along your profile information) every four hours.

Battery Doctor sends below information to its home server “push.m[xxxx]”:
-Its screen size;
-The version of the browser and OS on the device;
-The program which is generating the traffic (com.androidupgrade.battery) and its version;
-The name of the campaign;
-The device’s manufacturer and model;
-The network the device uses;
-The phone’s coarse (mobile network) or fine (GPS) location;
-The IMEI and phone number;
-The app’s API key;
-A unique identifier for the device.

Thanks Sandip for analyzing the sample. Quick Heal Mobile Security detects the file as Android.Batterydoctor.A.

Users are advised to install the apps from trusted sites only.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments