
TrojanSpy:AndroidOS/DroidDream.A


Microsoft security software detects and removes this threat.
 
This malicious program affects mobile devices running the Android operating system. It can give a remote hacker access to your mobile device.
 
This threat might be bundled with clean applications.


What to do now

Install security software on your device
This malware affects Android devices. 

Threat behavior

Installation

TrojanSpy:AndroidOS/DroidDream.A can be downloaded from the Internet.
 
Upon installation, it displays the following text on the device, outlining its capabilities:


Payload

Steals information

TrojanSpy:AndroidOS/DroidDream.A is capable of the following:

  • Accessing the Internet
  • Accessing your device's SD card (including modifying and deleting the card contents)
  • Toggling Wi-Fi on and off
  • Modifying the device's settings and system files
  • Gaining the highest privilege level on the device's operating system
  • Downloading other potentially malicious files onto the device

TrojanSpy:AndroidOS/DroidDream.A also contains the following exploit code:

  • rageagainstthecage
  • exploid

Both are detected as Exploit:Unix/Lotoor, and can allow a remote attacker to gain administrator privileges on the underlying operating system of the mobile device. The trojan also contains the following file, which is also detected as TrojanSpy:AndroidOS/DroidDream.A:

  • sqlite_db

When installed, this file can steal the following information stored in the device and send the information to the remote address 184.105.245.17:

  • IMEI
  • IMSI
  • Model
  • ProductId
  • Partner
  • Language
  • Country
  • UserId

It is also capable of downloading other potentially malicious files onto the device and can execute SQL commands.

Analysis by Marianne Mallen
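
As an added example (not Microsoft's detection logic and not code from this entry), the Python below checks an APK for the three bundled file names listed above. The sample archives and the `bundle/` folder name are constructed for the demonstration; the entry does not say where in the package the files sit, so matching is on base name only.

```python
import io
import zipfile
from pathlib import PurePosixPath

# File names this entry lists as bundled with the trojan.
BUNDLED_NAMES = {"rageagainstthecage", "exploid", "sqlite_db"}


def find_bundled_files(apk_bytes):
    """Return {indicator name: [archive paths]} for entries whose base name
    matches one of BUNDLED_NAMES. An APK is a ZIP archive, so zipfile reads it.
    Raises ValueError if the input is not a readable ZIP."""
    hits = {}
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
            for info in apk.infolist():
                if info.is_dir():
                    continue
                # Compare the lower-cased base name so nesting and case do not hide a match.
                base = PurePosixPath(info.filename).name.lower()
                if base in BUNDLED_NAMES:
                    hits.setdefault(base, []).append(info.filename)
    except zipfile.BadZipFile as exc:
        raise ValueError("not a valid APK/ZIP archive") from exc
    return hits


def build_sample_apk(extra_entries):
    """Build a constructed, in-memory ZIP standing in for an APK (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed placeholder")
        z.writestr("classes.dex", b"constructed placeholder")
        for name in extra_entries:
            z.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples; the folder name "bundle/" is an assumption for the demo.
    flagged = build_sample_apk(["bundle/exploid", "bundle/rageagainstthecage", "bundle/sqlite_db"])
    clean = build_sample_apk(["res/raw/notes.txt"])
    for label, data in (("flagged", flagged), ("clean", clean)):
        print(label, find_bundled_files(data))
```

A name match is a triage signal for further analysis, since file names alone are easy to change.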


Symptoms

The following phone changes may indicate the presence of this malware:
 
  • The presence of the following program information:
     
 
 
 

Prevention


Alert level: Severe
First detected by definition: 1.99.460.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Mar 02, 2011
This entry was first published on: Mar 02, 2011
This entry was updated on: Oct 11, 2013

This threat is also detected as:
  • Android Fake Security tool (other)
  • BDS/Rooter.a (Avira)
  • Android.Trojan.DroidDream.A (BitDefender)
  • Android.DreamExploid.2 (Dr.Web)
  • Backdoor.AndroidOS.Rooter.a (Kaspersky)
  • Android/DNightmare (McAfee)
  • Troj/DroidD-A (Sophos)
  • Android.Rootcager (Symantec)
  • AndroidOS_ROOT.AL (Trend Micro)
  • Backdoor.AndroidOS.Rooter.HQ (VirusBuster)