Android/MobileTx

Analysis

Android/MobileTx is a trojan targeting Android mobile phones.
It disguises itself as various applications such as horoscope, farming games, or the Chinese calendar.
It tries to send the victim's IMSI to an HTTP server, or by SMS if the HTTP request fails.


Technical Details


Once the application is started, it tries to retrieve the device's IMSI (International Mobile Subscriber Identity) and tries to access a remote website:
  • http://mobile.tx.***.**
If the HTTP request fails, it will try to send an SMS message without the victim's consent.
Depending on the IMSI, the SMS recipient could be any of the following:
  • 1065-*****-88877
  • 1065-****-80133
  • 1065-****-5111-191
The SMS message is of the following format:
99#[IMSI]#android#[APP_NAME]
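
As an added example (not part of the original analysis or of any vendor tooling), the following Python code flags outbound SMS records whose body matches the format above and raises confidence when the recipient starts with the unmasked 1065 prefix. The 14 to 15 digit IMSI length, the function names and the sample records are assumptions constructed for illustration.

```python
import re

# Body layout given above: 99#[IMSI]#android#[APP_NAME]
# Assumption: an IMSI is 14 or 15 decimal digits; the app name is any non-empty text.
BODY_RE = re.compile(r"^99#(?P<imsi>\d{14,15})#android#(?P<app>.+)$")
RECIPIENT_PREFIX = "1065"  # only the unmasked prefix of the listed recipients


def normalize_number(number):
    """Strip separators so '1065-0000-00000' and '1065000000000' compare equal."""
    return re.sub(r"[^\d+]", "", number)


def classify_sms(recipient, body):
    """Return a finding dict if the outbound SMS matches the format, else None."""
    m = BODY_RE.match(body.strip())
    if m is None:
        return None
    prefix_hit = normalize_number(recipient).startswith(RECIPIENT_PREFIX)
    return {
        "recipient": recipient,
        "imsi": m.group("imsi"),
        "app": m.group("app"),
        # Body alone is a medium-confidence hit; a matching prefix raises it.
        "confidence": "high" if prefix_hit else "medium",
    }


def scan(records):
    """records: iterable of (recipient, body) tuples from an outbound-SMS log."""
    findings = []
    for recipient, body in records:
        hit = classify_sms(recipient, body)
        if hit:
            findings.append(hit)
    return findings


# Constructed sample records (not taken from a real device or from the page).
SAMPLE = [
    ("1065-0000-00000", "99#001010123456789#android#Horoscope"),
    ("+15550100", "See you at 9#30 tomorrow"),
    ("15550123", " 99#00101012345678#android#Farm Game\n"),
    ("1065-0000-00000", "99#12345#android#Calendar"),  # IMSI too short
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```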

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
