Android/FakeTimer.A!tr

description-logoAnalysis

Android/FakeTimer.A!tr is a trojan targetting Android mobile phones.
It sends the device's information to an HTTP server.

Technical Details


The trojan installs a service called KitchenTimerService.
The service firsts contacts an HTTP server from which it will receive a cookie containing a unique identifier.
The service will then retrieve the following information:
  • Device IMEI
  • Subscriber ID
  • Phone number
And sends the information back to the HTTP server at:
  • http://[REMOVED]ancom.com/[REMOVED]
The application then opens a web page:
  • http://[REMOVED]ancom.com/[REMOVED]

Kaspersky: HEUR:Trojan.AndroidOS.FakeTimer.a

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date Version Detail
2022-06-01 90.02827
2021-12-01 89.07373
2021-11-24 89.07163
2021-05-23 86.00386
2021-05-22 86.00356
2021-05-22 86.00355
2021-04-21 85.00617
2021-04-14 85.00448
2021-04-08 85.00304
2021-02-24 84.00273