1. /
  2. Security Response/
  3. Android.Uracto

Android.Uracto

Risk Level 1: Very Low

Discovered:
March 17, 2013
Updated:
April 1, 2013 6:53:27 PM
Type:
Trojan
Infection Length:
1,770,924 bytes
Systems Affected:
Android
Android.Uracto is a Trojan horse for Android devices that steals personal information and sends spam SMS messages to contacts found on the compromised device.

Android package file
The Trojan may arrive as a package with the following characteristics:

Package names:
  • com.android.MindUranai
  • com.example.bookshare
  • com.example.jkmobile
  • com.example.n64emu
  • com.example.newsroid
  • infraredcamera.solution
  • manavi.solution
  • manga.solution
  • solution.newsandroid
  • solution.tubeplayer

Name:
Will vary and includes TubePlayer, MAMANAVI, and Infrared X-ray.


Installation
Once installed, the application may display various icons depicting the following:
  • a pink background with Janaese text
  • the Android robot with Japanese text
  • a pink play button with "TubePlayer" text
  • "mama NAVI" with text
  • a book with gold star and Japanese text
  • a camera lens with "Infrared X-ray" text




This Trojan is a variant of Android.Maistealer and Android.Enesoluty.

For more information, please see the following resources:

Antivirus Protection Dates

  • Initial Rapid Release version March 17, 2013 revision 033
  • Latest Rapid Release version March 25, 2013 revision 005
  • Initial Daily Certified version March 18, 2013 revision 004
  • Latest Daily Certified version March 25, 2013 revision 016
  • Initial Weekly Certified release date March 20, 2013
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Sends spam SMS messages to contacts found on the compromised device.
  • Releases Confidential Info: Steals contact information from the compromised device.

Distribution

  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Takashi Katsuki

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report