Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Trojan:Android/Plankton


Aliases:


Plankton
Trojan:Android/Plankton.[variant]

Malware
Trojan
Android

Summary

Trojan:Android/Plankton variants silently forward information about the device to a remote location. In addition, they download an additional file onto the device.



Disinfection & Removal

F-Secure's Mobile Security product blocks installation of this program with default settings.



Technical Details

Once installed on a device, Trojan:Android/Plankton will forward the following details (about the Plankton app itself) to a remote server:

  • ApplicationID
  • DeveloperID
  • DeviceID
  • The permissions granted
  • Device status

On receiving this information, the server contacted returns a URL, from which Plankton retrieves a JAR file.

In addition to collecting the details for the Plankton app, the trojan will also collect the following information:

  • International Mobile Equipment Identity (IMEI) number
  • Details of the device itself
  • Operating system protocol version
  • UserID

These details are also forwarded to the remote server.

Plankton variants are also able to perform the following actions on the device, among others:

  • Collect the browser history
  • Collect or modify the browser's bookmarks
  • Install a downloaded file






Submit a sample


Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.