1. /
  2. Security Response/
  3. Android.Nandrobox

Android.Nandrobox

Risk Level 1: Very Low

Discovered:
2 July 2012
Updated:
19 July 2012 7:16:57 AM
Type:
Trojan
Systems Affected:
Android
Android.Nandrobox is a Trojan horse for Android devices that steals information from the compromised device. It also deletes certain SMS messages from the device.

Android package file
The Trojan may arrive as a package with the following name:

APK: com.androidbox.ysygbnet8
Version: 1.0


Installation
Once installed, the application displays the following icon on the device:


Antivirus Protection Dates

  • Initial Rapid Release version pending
  • Latest Rapid Release version 3 July 2012 revision 006
  • Initial Daily Certified version 2 July 2012 revision 018
  • Latest Daily Certified version 3 July 2012 revision 017
  • Initial Weekly Certified release date 4 July 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Deletes certain SMS messages.
  • Releases Confidential Info: Steals information from the device.

Distribution

  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Daniel Xiang
2015 Internet Security Threat Report, Volume 20