1. /
  2. Security Response/
  3. Android.Nandrobox


Risk Level 1: Very Low

July 2, 2012
July 19, 2012 7:16:57 AM
Systems Affected:
Android.Nandrobox is a Trojan horse for Android devices that steals information from the compromised device. It also deletes certain SMS messages from the device.

Android package file
The Trojan may arrive as a package with the following name:

APK: com.androidbox.ysygbnet8
Version: 1.0

Once installed, the application displays the following icon on the device:

Antivirus Protection Dates

  • Initial Rapid Release version pending
  • Latest Rapid Release version July 3, 2012 revision 006
  • Initial Daily Certified version July 2, 2012 revision 018
  • Latest Daily Certified version July 3, 2012 revision 017
  • Initial Weekly Certified release date July 4, 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Medium
  • Payload: Deletes certain SMS messages.
  • Releases Confidential Info: Steals information from the device.


  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Daniel Xiang

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report