Android/MobileTx
Analysis
Android/MobileTx is a trojan targeting Android mobile phones.
It disguises itself as various applications, such as a horoscope, farming games,
or the Chinese calendar.
It tries to send the victim's IMSI to an HTTP server, or by SMS if the
HTTP request fails.
Technical Details
Once the application is started, it tries to retrieve the device's IMSI (International Mobile Subscriber Identity) and to access a remote website:
- http://mobile.tx.***.**
Depending on the IMSI, the SMS recipient could be any of the following:
- 1065-*****-88877
- 1065-****-80133
- 1065-****-5111-191
99#[IMSI]#android#[APP_NAME]
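Detection logic for the SMS fallback described above, added here as an example and not taken from the original page or from the malware: it flags outbound SMS records whose body follows the `99#[IMSI]#android#[APP_NAME]` template or whose recipient fits one of the masked numbers. It assumes that the template is the SMS body, that each `*` hides one digit, and that records arrive as (recipient, body) pairs; `classify`, `scan` and the sample records are hypothetical and constructed.

```python
import re

# Template from the page: 99#[IMSI]#android#[APP_NAME].
# Assumptions: IMSI is 6-15 decimal digits, app name contains no '#'.
PAYLOAD_RE = re.compile(r"^99#(?P<imsi>\d{6,15})#android#(?P<app>[^#]+)$")
# Masked recipients as printed on the page; assumption: each '*' hides one digit.
MASKED_RECIPIENTS = ["1065-*****-88877", "1065-****-80133", "1065-****-5111-191"]

def mask_to_regex(mask):
    """Compile a masked number into a regex over its digits-only form."""
    parts = [r"\d" if ch == "*" else re.escape(ch) for ch in mask if ch != "-"]
    return re.compile("^" + "".join(parts) + "$")

RECIPIENT_RES = [mask_to_regex(m) for m in MASKED_RECIPIENTS]

def classify(recipient, body):
    """Return 'match', 'payload-only', 'recipient-only' or None for one outbound SMS."""
    digits = re.sub(r"\D", "", recipient)  # drop dashes/spaces before comparing
    payload = PAYLOAD_RE.match(body.strip())
    known = any(r.match(digits) for r in RECIPIENT_RES)
    if payload and known:
        return "match"
    if payload:
        return "payload-only"
    return "recipient-only" if known else None

def scan(records):
    """Return (index, verdict, imsi-or-None) for every flagged (recipient, body) record."""
    hits = []
    for i, (recipient, body) in enumerate(records):
        verdict = classify(recipient, body)
        if verdict:
            m = PAYLOAD_RE.match(body.strip())
            hits.append((i, verdict, m.group("imsi") if m else None))
    return hits

# Constructed sample records (recipient, body); none come from a real device.
SAMPLE = [
    ("1065-00000-88877", "99#460001234567890#android#horoscope"),
    ("1065000080133", "hello"),
    ("13800000000", "99#460001234567890#android#farmgame"),
    ("13800000000", "See you at 99# tonight"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A "payload-only" verdict is still worth triage, since the page says the recipient varies with the IMSI.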
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.