Trojan:Android/AutoSPSubscribe.A

Classification

Malware

Trojan

Android

AutoSPSubscribe, SPPush

Summary

Trojan:Android/AutoSPSubscribe.A is a malicious app that targets Android users in China, and is distributed through unofficial markets. It takes advantage of the SMS-based subscription system that is commonly implemented in China to sign-up the user for certain services without the user's knowledge or consent.

Removal

Automatic action

Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

Manual removal

Trojan:Android/AutoSPSubscribe.A can be uninstalled with the following steps:

  1. Go to Settings
  2. Go to Applications
  3. Go to Manage Applications
  4. Select the application
  5. Press "Clear Data"
  6. Press "Uninstall"
  7. Press "OK" when asked for confirmation and wait
Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

This trojan sends SMS to service provider to quietly register the user for a service, which brings about unsolicited charges on the user's account.

Installation

Upon installation, the trojan requests the following permissions:

  • restart packages
  • write to external storage
  • read contacts
  • receive SMS
  • read SMS
  • write SMS
  • send SMS
  • read the phone state
  • access the network state
  • access to internet

Activity

Trojan:Android/AutoSPSubscribe.A monitors incoming messages and intercepts those that originate from the service provider and carry order information containing details and charges for a value-added service. It then automatically replies to the provider with the value "Y", which indicates user confirmation to subscribe to the service.

NOTE: By policy, service providers must receive confirmation from the user before being able to proceed with the billing.

The message that notifies user about the service and its charge

Further messages from the provider to user to notify about the subscription confirmation will be automatically deleted by the trojan, which leaves the user unaware of the charges placed on the user account.

Additional details

This trojan was discovered by researchers at the North Carolina State University. For additional information, see:

Date Created: -

Date Last Modified: -