Sep 18, 2011

FakePlayer - Android Malware



File Name: pornoplayer2.apk 
MD5   : 46a53f4a6637e2807d79102a6a937c2e
SHA1  : 17144b0e95a07ffd5bd7c8e3bf95004fe5fe2305

I have just started analyzing android malwares. Here I have explained about the fake media player application Pornoplayer2.

This application gets installed like an Media player application on an android device. Once installed it sends out SMS to premium rated phone numbers from the infected mobile.

When this application is opened it displays a text to the user “Please wait ...” means "Подождите..." in Russian.


And sends the following numbers as text messages to the premium number "7132". Based on the display text and the premium number used by this malware it clearly says it targets Russian Android users.


"846978"

"845785"
"846006"
"844858"

It also sends the text message "dx427123" 4 times to the premium number "4161". Check below,



To avoid this kind of malware getting installed in your android device, always install applications from well known source like android market and verify the permission granted to the application at the time of install.




Posted by at

2 comments:

  1. sireeshaSeptember 22, 2011 at 9:01 AM

    its so interesting,
    i need some clarification regarding , i guess android is an Mobile OS.while updating New Versions of this also any possibilities are there
    infecting the mobile.

    ReplyDelete
  2. SivaSeptember 22, 2011 at 10:15 PM

    Thanks-:) It's similar to Desktop OS like any XP malware can run on Vista or Windows 7. It's only the computing platform it matters.

    ReplyDelete

Subscribe to: Post Comments (Atom)