Wontok SafeCentral Malware Bulletin
1 June 2015
Malware Family: Android.Riskware.SMSReg
Android Riskware SMSReg is an Android malware that is marketed as an application to help maximize a device’s battery usage. The malware is often disguised as an Android application such as ‘Battery Improve’ or ‘Battery Saver’ that must be downloaded and installed. Once installed, the malware will ask for additional setup details that allows Trojan viruses to begin cutting down the battery existence and stealing sensitive data like email ID, stored photos, and your phonebook sending it to remote access server.
Wontok Lab Results
We observed that Wontok SafeCentral Mobile Security’s On Access and On Demand engines properly detect and remediate the malware that prevents the unwanted Android Riskware by uninstalling/deleting this malware.
Android Riskware.SMSReg has many variants often disguising itself as a legitimate Android Battery Saving Application and once installed and activated on a device steals data unbeknownst to the user including: API key, Application ID, Carrier, Device manufacturer, Device model, GPS location, International Mobile Equipment Identity(IMEI) number, Network operator, Package name, SDK version.
About Wontok Lab
Wontok Lab is Wontok’s product test facility that consists of a team of security researchers in a controlled analysis and testing environment. Wontok Lab conducts rigorous tests specifically designed and tailored for each of Wontok’s security products.
About Wontok SafeCentral Security Solutions
With operations in the United States, Europe and Asia-Pacific, Wontok brings proven remote access and endpoint security solutions to market. Wontok designed the SafeCentral solutions to be effective against advanced malware threats on the desktop and mobile devices. SafeCentral Security Solutions includes SafeDesktop, Mobile Security, and Security Suite, all of which can be delivered via partner owned platforms or via the Wontok ONE Cloud-based VAS service delivery platform.