Threat behavior
Trojan:AndroidOS/Rabidog.A is a trojan that affects mobile devices running the Android operating system. It sends SMS texts to all contacts on the device and sends an SMS text to report its installation, all without the affected user's knowledge, possibly resulting in data charges for the owner of the affected device.
Installation
This trojan may be distributed as a beta version of a game named "Dog Wars" and as an installation package named "DogWars.apk". Once installed, an icon may be present on an affected device, resembling the one below:
[Image: application icon showing a dog]
Note the acronym "PETA" and not the word "Beta" on the image of the dog. The trojan then creates a service named "com.dogbite.Rabies" so that it executes every time the device restarts.
Trojan:AndroidOS/Rabidog.A requests the following user permissions upon installation:
- android.permission.VIBRATE - Allows access to the vibrator.
- android.permission.INTERNET - Allows applications to open network sockets.
- android.permission.ACCESS_COARSE_LOCATION - Allows an application to access coarse (e.g., Cell-ID, WiFi) location.
- android.permission.READ_PHONE_STATE - Allows read only access to phone state.
- android.permission.SEND_SMS - Allows an application to send SMS messages.
- android.permission.WRITE_SMS - Allows an application to write SMS messages.
- android.permission.READ_CONTACTS - Allows an application to read the user's contacts data.
- android.permission.RECEIVE_BOOT_COMPLETED - Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
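The service name and permission list above can be turned into a manifest triage check. The following is an added example, not code from the original analysis; it assumes the APK's AndroidManifest.xml has already been decoded to text XML, and the package and receiver names in the sample manifest are constructed placeholders.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
REPORTED_SERVICE = "com.dogbite.Rabies"  # service name given in this write-up
REPORTED_PERMISSIONS = {"android.permission." + p for p in (
    "VIBRATE", "INTERNET", "ACCESS_COARSE_LOCATION", "READ_PHONE_STATE",
    "SEND_SMS", "WRITE_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED")}
# Subset that enables the described behaviour: read contacts, send SMS, run at boot.
SMS_SPREAD_COMBO = {"android.permission." + p for p in (
    "SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED")}

def qualify(name, package):
    """Resolve manifest shorthand (".Foo" or "Foo") against the package name."""
    if name.startswith("."):
        return package + name
    return name if "." in name else package + "." + name

def triage_manifest(xml_text):
    """Return a list of findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    services = {qualify(e.get(ANDROID + "name", ""), package)
                for e in root.iter("service")}
    # Android delivers the boot broadcast to a receiver filtering on this action.
    boot_receiver = any(
        a.get(ANDROID + "name") == "android.intent.action.BOOT_COMPLETED"
        for r in root.iter("receiver") for a in r.iter("action"))
    findings = []
    if REPORTED_SERVICE in services:
        findings.append("service-name-match")
    if REPORTED_PERMISSIONS <= perms:
        findings.append("full-reported-permission-set")
    elif SMS_SPREAD_COMBO <= perms:
        findings.append("sms-contacts-boot-permissions")
    if boot_receiver:
        findings.append("boot-completed-receiver")
    return findings

# Constructed sample manifest; package and receiver names are placeholders.
SAMPLE = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
          ' package="com.example.constructed">'
          + "".join('<uses-permission android:name="%s"/>' % p
                    for p in sorted(REPORTED_PERMISSIONS))
          + '<application><service android:name="com.dogbite.Rabies"/>'
          '<receiver android:name=".BootReceiver"><intent-filter>'
          '<action android:name="android.intent.action.BOOT_COMPLETED"/>'
          '</intent-filter></receiver></application></manifest>')

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

Each of these permissions also appears in legitimate applications, so the permission findings are triage hints to prioritise review; only the service-name match is specific to this threat.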
Payload
Sends SMS to all contacts on the device
Trojan:AndroidOS/Rabidog.A sends the following message to all contacts on the device:
- "I take pleasure in hurting small animals, just thought you should know that"
The trojan also sends the string "text" to 73822 to notify an attacker. When the trojan sends the SMS messages, it could result in data charges for the owner of the affected device.
Analysis by Wei Li
Prevention