Tuesday, July 12, 2011

HTC.apk - fake security patch

Name: HTC fake patch
File Name: htc.apk
MD5: 4c8f01db58987c2c3321cdbbb1a2e67a
Sample Credits: many thanks to William Hill CPU Media | Android mobile malware scan July 12, 2011
Research: CPU Media | Android mobile malware scan July 12, 2011
HTC.apk is a fake security patch found circulating among Chinese users. It is a phishing attack disguised as a security patch from China Mobile. The infected site is (note that is a legitimate China Mobile site).

Download  (pass infected)

Htc.apk  4c8f01db58987c2c3321cdbbb1a2e67a
Submission date: 2011-07-12 09:51:11 (UTC)
Result: 11/43 (25.6%)

Antivirus               Version       Last update   Result
Antiy-AVL                             2011.07.12    Trojan/win32.agent
Commtouch                             2011.07.12    AndroidOS/GenBl.CD34DD20!Olympus
DrWeb                                 2011.07.12    Android.Evan.7
Emsisoft                              2011.07.12    Trojan-SMS!IK
Ikarus                  T3.           2011.07.12    Trojan-SMS
Jiangmin                13.0.900      2011.07.11    Trojan/AndroidOS.b
K7AntiVirus             9.108.4894    2011.07.11    -
Kaspersky                             2011.07.12    Trojan-SMS.AndroidOS.Adsms.c
Panda                                 2011.07.11    Android/AdSMS
Sophos                  4.67.0        2011.07.12    Andr/AdSMS-A
TrendMicro                            2011.07.12    AndroidOS_ADSMS.A
TrendMicro-HouseCall                  2011.07.12    AndroidOS_ADSMS.A


  1. It's not a new malware. See
    According to my tracking, the author was constantly updating it. So, some AV companies in VirusTotal can't detect it now.

  2. Thank you for the comment, I post all kinds of malware - new, old, so please don't hesitate to send.

  3. As you point out, it's not brand new. But since we didn't see a sample of it in the Contagio malware dump we thought we would contribute ours.