Home > Threat descriptions >

Trojan:Android/Plankton

Classification

Category: Malware

Type: Trojan

Platform: Android

Aliases: Plankton, Trojan:Android/Plankton.[variant]

Summary


Trojan:Android/Plankton variants silently forward information about the device to a remote location. In addition, they download an additional file onto the device.

Removal


Automatic action

Once the scan is complete, the F-Secure security product will prompt you to assess the file and choose to Uninstall, Quarantine or keep it installed on your device.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Once installed on a device, Trojan:Android/Plankton will forward the following details (about the Plankton app itself) to a remote server:

  • ApplicationID
  • DeveloperID
  • DeviceID
  • The permissions granted
  • Device status

On receiving this information, the server contacted returns a URL, from which Plankton retrieves a JAR file.

In addition to collecting the details for the Plankton app, the trojan will also collect the following information:

  • International Mobile Equipment Identity (IMEI) number
  • Details of the device itself
  • Operating system protocol version
  • UserID

These details are also forwarded to the remote server.

Plankton variants are also able to perform the following actions on the device, among others:

  • Collect the browser history
  • Collect or modify the browser's bookmarks
  • Install a downloaded file