
Android.Malminer

Risk Level 1: Very Low

Discovered: March 27, 2014
Updated: March 28, 2014 2:15:17 PM
Type: Trojan
Infection Length: Varies
Systems Affected: Android

Android.Malminer is a Trojan horse for Android devices that mines cryptocurrencies on the compromised device.



Android package file
The Trojan may arrive as a package with the following characteristics:

Package names:
  • com.socialtokenmobile.prized.android
  • com.originalsongs321
Name: Prized


Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
  • Access location information, such as Cell-ID or WiFi
  • Access location information, such as GPS information
  • Access information about networks
  • Access information about the WiFi state
  • Connect to paired Bluetooth devices
  • Initiate a phone call without using the Phone UI or requiring confirmation from the user
  • Access list of accounts in the Accounts Service
  • Access information about currently or recently running tasks
  • Open network connections
  • Read user's calendar data
  • Read user's contacts data
  • Check the phone's current state
  • Start once the device has finished booting
  • Send SMS messages
  • Make the phone vibrate
  • Prevent processor from sleeping or screen from dimming
  • Create new calendar information
  • Create new contact data
  • Write to external storage devices

Installation
Once installed, the application will display a blue icon with a white present on it.



Antivirus Protection Dates

  • Initial Rapid Release version March 27, 2014 revision 008
  • Latest Rapid Release version March 27, 2014 revision 008
  • Initial Daily Certified version March 27, 2014 revision 019
  • Latest Daily Certified version March 27, 2014 revision 019
  • Initial Weekly Certified release date April 2, 2014

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Medium
  • Payload: Mines cryptocurrency.

Distribution

  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Kevin Savage
