Description
- Malware installed as part of an app on host Android device that steals phone data such as cookies, app data, messages, connected SSID, etc... The data is sent via POST to a collection server over HTTP port 80. The data collection most often seen with this variant is for Taobao mobile. Which is an application for online shopping, and uses data collection for targeted recommendations. The ASN seen correlated to these events is for Alibaba. There was a single case where the direct ASN was for ZSCALER but in the payload was a CONNECT rerouting the traffic directly to port 80 of an IP and that IP was an Alibaba IP.
Vector
- Port 80 HTTP
User-Agent
- Dalvik
Known False Positive Indicators
- N/A
Affected Host
- Android
Classification
- Malware
Sentinel Signature
-
MALWARE AndroidOS/Trojan.OJNF-2 Variant Sending Phone Information
DNS Calls
- amdc.m.taobao.com
Comments
0 comments
Please sign in to leave a comment.