Trojan:AndroidOS/BaseBridge.B is a trojan affecting Android mobile devices. The trojan steals sensitive data and sends it to a remote server for collection by an attacker and may terminate certain applications.
Installation
The trojan may be distributed as an Android installation package with an enticing file name such as "anserverb_qqgame.apk". During installation, a graphic may be displayed.
During installation, it requests the following permissions:
android.permission.WRITE_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.VIBRATE
android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.SEND_SMS
android.permission.READ_PHONE_STATE
android.permission.DISABLE_KEYGUARD
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.WAKE_LOCK
android.permission.RESTART_PACKAGES
android.permission.WRITE_APN_SETTINGS
Payload
Captures sensitive data
When BaseBridge executes, it may collect the following information and send it to a remote server for collection by an attacker:
- SMS content
- SMS sender number
Terminates applications
The trojan attempts to terminate the browser application "360 Mobile Safe". It may also delete any SMS received from 10086, and display the following message:
尊敬的用户,犹豫未经您的授权,本次请求未成功,如需使用,请致电10086进行开通,中国移动.
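The above text is an "error message" suggesting that the request was not successful. In English it reads approximately: "Dear user, because you have not authorized it, this request was not successful. To use this service, please call 10086 to activate it. China Mobile."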
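The permission list and payload behaviours above can be turned into a static triage check for other packages. The following Python is an added example, not part of the original analysis; the behaviour-to-permission mapping, the 0.8 overlap threshold and the sample manifests are assumptions constructed for illustration.

```python
import re

# Permissions requested by the sample, as listed on this page (deduplicated).
BASEBRIDGE_B_PERMS = frozenset(
    "android.permission." + p for p in """
    WRITE_SMS RECEIVE_BOOT_COMPLETED VIBRATE READ_SMS RECEIVE_SMS SEND_SMS
    READ_PHONE_STATE DISABLE_KEYGUARD READ_CONTACTS WRITE_CONTACTS INTERNET
    ACCESS_NETWORK_STATE CALL_PHONE WAKE_LOCK RESTART_PACKAGES
    WRITE_APN_SETTINGS""".split())

# Assumed mapping from the payload behaviours described above to the
# permissions each one needs (an assumption of this example).
BEHAVIOURS = {
    "capture SMS content and sender": {"RECEIVE_SMS", "READ_SMS"},
    "send data to a remote server": {"INTERNET"},
    "delete received SMS": {"RECEIVE_SMS", "WRITE_SMS"},
    "terminate other applications": {"RESTART_PACKAGES"},
}

PERM_RE = re.compile(r"android\.permission\.([A-Z_]+)")

def requested_permissions(manifest_text):
    """Extract permissions from a decoded manifest or plain-text listing."""
    return {"android.permission." + m for m in PERM_RE.findall(manifest_text)}

def triage(manifest_text, min_overlap=0.8):
    """Report which described behaviours the requested permissions allow."""
    perms = requested_permissions(manifest_text)  # set, so repeats collapse
    short = {p.rsplit(".", 1)[1] for p in perms}
    enabled = sorted(b for b, need in BEHAVIOURS.items() if need <= short)
    overlap = len(perms & BASEBRIDGE_B_PERMS) / len(BASEBRIDGE_B_PERMS)
    return {
        "enabled_behaviours": enabled,
        "overlap": round(overlap, 2),
        "review": len(enabled) == len(BEHAVIOURS) and overlap >= min_overlap,
    }

# Constructed sample inputs (not taken from a real package).
SUSPECT = "\n".join('<uses-permission android:name="%s"/>' % p
                    for p in sorted(BASEBRIDGE_B_PERMS))
SMS_APP = """<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.SEND_SMS"/>"""

if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT), ("sms_app", SMS_APP)):
        print(name, triage(text))
```

A positive result only marks a package for manual review; legitimate SMS applications request part of this permission set.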
Analysis by Tim Liu