Mobile Virus

Android/Dogowar.A!tr

Analysis

Android/Dogowar.A!tr is a Trojan which targets Android mobile phones. The malware is included in modified versions of a genuine but controversed application named 'Dog Wars'. It attempts to make a fool of the victim by sending all of his/her contacts an SMS with the following text:
I take pleasure in hurting small animals, just thought you should know that
Additionally, it sends an SMS to the short code 73822 with message "text". In the USA, this actually signs up the victim to a free SMS service from PETA (People for the Ethical Treatment of Animals).
Note there is no indication the malware authors is connected whatsoever to PETA.
The trojanised application is quite similar to the real one, except its icon (a dog) does not include the words BETA but PETA.

Technical Details


Malicious activity of Android/Dogowar.A!tr starts when the phone is rebooted. Then, a malicious service named com.dogbite.Doghouse is started. In turn, this background service starts another service named com.dogbite.Rabies.
This service parses all contacts for which a phone number is specified and sends them an SMS. Then, it sends a hard-coded SMS to 73822.

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.