Android/FakeTimer.A!tr
Analysis
Android/FakeTimer.A!tr is a trojan targetting
Android mobile phones.
It sends the device's information to an HTTP server.
Technical Details
The trojan installs a service called KitchenTimerService.
The service firsts contacts an HTTP server from which it will receive a cookie containing a unique identifier.
The service will then retrieve the following information:
- Device IMEI
- Subscriber ID
- Phone number
- http://[REMOVED]ancom.com/[REMOVED]
- http://[REMOVED]ancom.com/[REMOVED]
Kaspersky: HEUR:Trojan.AndroidOS.FakeTimer.a
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extreme | |
FortiClient | |
Extended | |
FortiMail | |
Extended | |
FortiSandbox | |
Extended | |
FortiWeb | |
Extended | |
Web Application Firewall | |
Extended | |
FortiIsolator | |
Extended | |
FortiDeceptor | |
Extended | |
FortiEDR |