1. /
  2. Security Response/
  3. Mobishooter


June 7, 2012 11:29:05 AM
Infection Length:
Risk Impact:
Systems Affected:
Android package file
The program may arrive as one of the following APK packages:
  • ca.gp.luminance
  • com.gp.DropBubble
  • com.gp.airwar
  • com.gp.animalkeeper
  • com.gp.arkanoid
  • com.gp.jaro
  • com.gp.jewels
  • com.gp.lights
  • com.gp.mahjongg
  • com.gp.monolith
  • com.gp.netscramblefull
  • com.gp.oceantravel
  • com.gp.paopaoyu
  • com.gp.search
  • com.gp.solitaire
  • com.gp.tiltmazes
  • com.ps.pushbox
  • com.ps.wordsearch.view
  • com.ps.yams

The program may be installed when certain games are downloaded on to the device.

When the program is being installed, it requests permissions to perform the following actions:
  • Access location (e.g., Cell-ID, GPS, WiFi)
  • Access information about networks
  • Allow read-only access to the phone state
  • Open network sockets
  • Read and write to external storage devices

Once installed, the program may display advertisements on the device.

The program then collects the following information from the device:
  • App ID
  • IMEI
  • Location (country)
  • OS version
  • Package name
  • Phone number
  • RAM size
  • Screen size

It may then send the gathered information to the following remote locations:
  • [http://]ads.wapx.cn
  • [http://]mobads.baidu.com
  • [http://]mobwin.android.com
  • [http://]r2.adwo.com
  • [http://]www.adsmogo.com/adser[REMOVED]
  • [http://]www.airad.com
  • [http://]www.domob.cn
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver