Skip to main content

Trojan:Android/Smspacem.A

Classification

Category:Malware
Type:Trojan
Platform:Android
Aliases:

Trojan:Android/Smspacem.A, Trojan:Android/Smspacem.A, Smspacem, Smspacem.A

Summary

Trojan:Android/Smspacem.A has a date-triggered payload that sends spam SMS messages to contacts listed on the device and changes the wallpaper.

Removal

Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

Trojan:Android/Smspacem.A can be uninstalled by following the steps below:

  • Go to Settings
  • Go to Applications
  • Go to Manage Applications
  • Select the application
  • Press "Clear data"
  • Press "Uninstall"
  • Select "OK" when asked for confirmation and wait

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Trojan:Android/Smspacem.A is a trojanized version of a legitimate application currently available on Android Market.

Installation

During installation, Smspacem.A displays the following permission requests:

Payload

Smspacem.A has two date-triggered payloads.

If the date is 21st May 2011, Smspacem.A sends one of the following SMS messages to all contacts listed in the phone book:

  • "Cannot talk right now, the world is about to end"
  • "Jebus is way over due for a come back"
  • "Its the Raptures,praise Jebus"
  • "Prepare to meet thy maker,make sure to hedge your bet just in case the Muslims. were right"
  • "Just saw the four horsemen of the apocalypse and man did they have the worst case of road rage"
  • "Es el fin del mundo"

It changes the wallpaper to an image of an American media personality:

If the date is 22nd May 2011,Smspacem.A sends the following SMS messages to all contacts listed:

  • "Looks like Jebus is a no show, maybe Judaism was on to something"

It also changes the wallpaper to the following image:

Smspacem.A also contacts the following website using a SOAP request:

  • hxxp://biofaction.no[...].biz/talkto[...].asmx

Once connected, the trojan may receive commands for further operations:

  • If a "formula401" command is received, the trojan attempts to connect to:
    • If a "health" command is received, the trojan sends one of the following SMS messages to all contacts listed:

      More Support

      Community

      Ask questions in our Community.

      User guides

      Check the user guide for instructions.

      Contact Support

      Chat with with or call an agent.

      Submit a Sample

      Submit a file or URL for analysis.