
Android.Uracto

Risk Level 1: Very Low

Discovered: March 17, 2013
Updated: April 1, 2013 6:53:27 PM
Type: Trojan
Infection Length: 1,770,924 bytes
Systems Affected: Android
Android.Uracto is a Trojan horse for Android devices that steals personal information and sends spam SMS messages to contacts found on the compromised device.

Android package file
The Trojan may arrive as a package with the following characteristics:

Package names:
  • com.android.MindUranai
  • com.example.bookshare
  • com.example.jkmobile
  • com.example.n64emu
  • com.example.newsroid
  • infraredcamera.solution
  • manavi.solution
  • manga.solution
  • solution.newsandroid
  • solution.tubeplayer

Name:
Will vary and includes TubePlayer, MAMANAVI, and Infrared X-ray.


Installation
Once installed, the application may display various icons depicting the following:
  • a pink background with Japanese text
  • the Android robot with Japanese text
  • a pink play button with "TubePlayer" text
  • "mama NAVI" with text
  • a book with gold star and Japanese text
  • a camera lens with "Infrared X-ray" text




This Trojan is a variant of Android.Maistealer and Android.Enesoluty.


Antivirus Protection Dates

  • Initial Rapid Release version March 17, 2013 revision 033
  • Latest Rapid Release version March 25, 2013 revision 005
  • Initial Daily Certified version March 18, 2013 revision 004
  • Latest Daily Certified version March 25, 2013 revision 016
  • Initial Weekly Certified release date March 20, 2013

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Sends spam SMS messages to contacts found on the compromised device.
  • Releases Confidential Info: Steals contact information from the compromised device.

Distribution

  • Distribution Level: Low
Writeup By: Takashi Katsuki
