
Virus Profile: Android/PBL.A

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 10/9/2012
Date Added: 10/9/2012
Origin: Unknown
Length: N/A
Type: PUP
Subtype: PDA Device
DAT Required: N/A

Description

Android/PBL.A is a PUP application found in the official Google Play market. It provides access to a phone book database on the Internet but, at the same time, sends sensitive personal information to the same remote server.

Indication of Infection

- Sends sensitive information (android_id, telephone number and contact list) to a remote server.

Methods of Infection

This PUP requires that the user intentionally install it on the device. Users should verify that an application does not request permissions for actions unrelated to its purpose.
   

Virus Characteristics

Android/PBL.A is an application found in the official Google Play market that provides access to a phone book database on the Internet but, at the same time, sends sensitive personal information to the same remote server. However, in the description of the app, the developer states that the address book and location information will be stored in a MySQL database.

When it is about to be installed, Android/PBL.A requests the following suspicious permissions: READ_CONTACTS, WRITE_CONTACTS, ACCESS_FINE_LOCATION and ACCESS_MOCK_LOCATION. Once it is executed, Android/PBL.A shows the user an interface that allows searching by any combination of name, address or phone number.

At the same time, Android/PBL.A obtains the geographical location of the device and starts an execution thread that establishes a remote connection to a MySQL database on the host ata[sensored].jp. After that, the malware checks whether the device is already registered in the remote database by looking for its android_id (a unique 64-bit number that is randomly generated on the device's first boot and remains constant for the lifetime of the device) on the remote server. If the device is not present in the database, Android/PBL.A obtains sensitive information about the contacts stored on the device, such as phone number, name, ZIP code, country, address and e-mail, and sends it to the remote server along with the geographical location of the device and the android_id. That information is obtained and stored in the remote database in the background and without the user's consent.
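
A manifest check for the permission set listed above, as an added example (not part of the original profile and not the vendor's detection logic). The sample manifest and package name are constructed, and INTERNET is an assumption: the profile does not list it, but Android requires it for the remote connection described.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# The four permissions named in the profile.
PROFILE_PERMS = {"READ_CONTACTS", "WRITE_CONTACTS",
                 "ACCESS_FINE_LOCATION", "ACCESS_MOCK_LOCATION"}

# Constructed sample manifest; the package name is hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.phonebook">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_MOCK_LOCATION"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the short names of all android.permission.* entries requested."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name.startswith(PREFIX):
            perms.add(name[len(PREFIX):])
    return perms


def audit(manifest_xml):
    """Report profile permissions present and whether data can leave the device."""
    perms = requested_permissions(manifest_xml)
    network = "INTERNET" in perms  # assumption: needed for the upload, not listed in the profile
    return {
        "profile_permissions": sorted(perms & PROFILE_PERMS),
        "can_upload_contacts": network and "READ_CONTACTS" in perms,
        "can_upload_location": network and "ACCESS_FINE_LOCATION" in perms,
        # Mock-location access is meant for testing, so it is unexpected in a store app.
        "test_only_permission": "ACCESS_MOCK_LOCATION" in perms,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The input is a decoded (plain-text) AndroidManifest.xml; the binary manifest inside an APK has to be decoded first.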