It’s almost end 2011. What with Christmas recently passed, and New Year coming up, there’s naturally a lot of well wishes and holiday greetings being messaged around. Looks like someone’s decided to join in (a little late) – and also do a bit of data harvesting at the same time.
Spyware:Android/AdBoo.A appears to be one of those programs that lets you send witty/sweet/funny messages to your contacts. On execution, it displays a list of text messages that fall into different categories: new year wishes, friendship, love and jokes:
When the user choose one of these messages, the app prompts a dialog box asking the user to choose the next action: Contact, Edit or Cancel:
If the Contact option is chosen, the app tries to read the stored contact data. Presumably, the app needs to know who to send the message to:
During our initial analysis, since the test phone used didn’t have any contacts stored in it, the app didn’t retrieve anything at this point.
However, when retested with (bogus) contacts present, no text message is sent either – the user only sees a dialog box with the message “Sending fail”:
We noticed that the app did do something else though. On chosing the Contacts options, it silently obtained the following information from the device:
1) Phone Model
2) Android Version
3) Phone number
4) International Mobile Equipment Identity (IMEI) number
The harvested details are then forwarded to remote server.
Incidentally, looking at the certificate for the Adboo sample we have, it appears to be from the same developer as Trojan:Android/Zsone.A:
ThreatSolutions post by – Irene
Leave a reply