Android/AckPosts.A!tr

Analysis

Android/AckPosts.A!tr is a piece of malware targeting Android mobile phones.
The malicious package comes disguised as a battery-life prolongation or radio-wave improvement application; in the background, however, it sends contact details from the infected phone to the attacker's server.

Technical Details


The main application can be called "Long Battery", "Radio Waves improvement" or "Secret App" (see Fig1, Fig2 and Fig3) and comes in packages such as com.mmmm.batterylong, freetalkn.all.free, com.mmmm.bl, secret.app.android etc.

Fig1: Long Battery Life application

Fig2: Radio Wave improvement application icon

Fig3: Secret App application icon

When the application is launched, the user is shown a message saying the application is not supported by the phone.

Fig4: Application main screen (the message in Japanese roughly translates to "Sorry, the application is not supported by your phone")
In the background, the application steals contact information and sends it to the attacker's server at
hxxp://[REMOVED]/bl.php
or
hxxp://[REMOVED]/batterylong.php
in the format
[_id] + ":" + [display_name] + ":" + [phone_number] + ":" + [email_id] + "/"
repeated for each contact on the phone.
Permissions required by the application:
  • READ_CONTACTS
  • INTERNET
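The exfiltration format described above (one colon-separated record per contact, each terminated by "/", posted to bl.php or batterylong.php) is regular enough to parse from a captured request body. The following is an added example written for this page, not Fortinet's detection logic or code from the malware: it parses a request body into contact records and classifies the request against the two endpoint paths named in the report. The host example.invalid, the sample body and the verdict strings are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Paths the report names for the collection endpoint (hosts are removed in the report).
SUSPECT_PATHS = {"/bl.php", "/batterylong.php"}

# One record per contact: [_id]:[display_name]:[phone_number]:[email_id] terminated by "/".
# Fields may be empty (a contact without an e-mail address), so every group allows "".
RECORD_RE = re.compile(r"([^:/]*):([^:/]*):([^:/]*):([^:/]*)/")


@dataclass
class ContactRecord:
    contact_id: str
    display_name: str
    phone_number: str
    email: str


def parse_exfil_body(body: str) -> List[ContactRecord]:
    """Split a request body into contact records in the format the report describes.

    Returns an empty list when the body is not made up entirely of such records,
    so that an arbitrary body containing a stray ":" is not reported as a contact dump.
    """
    records = [ContactRecord(*m.groups()) for m in RECORD_RE.finditer(body)]
    rebuilt = "".join(
        f"{r.contact_id}:{r.display_name}:{r.phone_number}:{r.email}/" for r in records
    )
    if not records or rebuilt != body:
        return []
    return records


def classify_request(url: str, body: str) -> Optional[str]:
    """Return a verdict string when a request matches the AckPosts exfiltration pattern
    (known PHP endpoint and/or a body of contact records); return None otherwise."""
    path = urlparse(url).path
    records = parse_exfil_body(body)
    path_hit = path in SUSPECT_PATHS
    if path_hit and records:
        return f"AckPosts-like contact exfiltration: {len(records)} contact(s) to {path}"
    if records:
        return f"contact-record body ({len(records)} record(s)) to unlisted path {path}"
    if path_hit:
        return f"request to known AckPosts path {path} without parsable contacts"
    return None


# Constructed sample: placeholder host, two fake contacts, the second without an e-mail.
SAMPLE_URL = "http://example.invalid/batterylong.php"
SAMPLE_BODY = (
    "1:Alice Example:+81-90-0000-0001:alice@example.invalid/"
    "2:Bob Example:+81-90-0000-0002:/"
)

if __name__ == "__main__":
    for rec in parse_exfil_body(SAMPLE_BODY):
        print(rec)
    print(classify_request(SAMPLE_URL, SAMPLE_BODY))
```

The full-body reconstruction check in parse_exfil_body is deliberate: a plain "contains colon and slash" heuristic would fire on ordinary form posts, whereas requiring the entire body to round-trip through the record format keeps the verdict specific to this family's dump format. The path check is kept separate so that a request to the known endpoint with a changed body still surfaces for review.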

The application is aimed at Japanese users.
Certificate information: Owner: CN=1; Issuer: CN=1

Recommended Action

FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

Product                     Availability
FortiGate                   Extreme
FortiClient                 Extended
FortiMail                   Extended
FortiSandbox                Extended
FortiWeb                    Extended
Web Application Firewall    Extended
FortiIsolator               Extended
FortiDeceptor               Extended
FortiEDR

Version Updates

Date        Version     Detail
2022-09-14  90.05990
2022-04-29  90.01836
2021-11-10  89.06744
2020-11-05  81.61300
2019-12-11  73.71700
2019-06-12  69.20800
2019-04-12  67.75300
2018-12-19  65.01300
2018-12-08  64.73800