At a glance:

ID 4563064
Released Jan 30, 2013
Description Updated Apr 29, 2013

Detection Availability

FortiGate
Active
Extended
Extreme
Mobile
FortiClient
Active/Extended
Extreme
FortiSandbox
FortiMail
FortiAP-S

Threat Profile

Aliases:
  • a variant of Android/TrojanSMS.Agent.GR trojan (NOD32)
Platform: Android

Android platform


Type: Trojan (tr)

Mobile Virus

Android/SMSAgent.GR!tr

Analysis

Android/SMSAgent.GR!tr is a Trojan horse for mobile phones running Android 2.1 or greater. It sends SMS to a certain service provider phone number. Those tasks are done without consent of the victim. The malicious package often disguises itself as a mobile phone update package.

  • Once installed, the package displays an icon in the Application Launcher, but the malware uses a name that will probably have the victim believe this is a genuine system application.

  • The malware creates shortcut, when customer clicks the shortcut, it opens unsafe website.

  • It sends sms which contains the victim's personal infomation to a certain server.

  • The malware encrypts most of the methods and data.

    •

    Recommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
      FortiClient Systems
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.