Analysis of Android Trojan Adrd

The ADRD trojan (aka HongTouTou), which spreads through a number of forums and downloads, has been embedded into more than 10 legitimate applications. It can open several system services. It can also upload the infected phone's information (IMEI, IMSI, and version) to the control server every 6 hours and then receive commands from it. In addition, it can obtain 30 URLs from the data server and access them one by one. Worse, it can download an installation file (.apk) to a specified directory on the SD card. Infected phones generate a large amount of network traffic, which can cost users a lot in extra charges. Users can run our Android malware cleansing tool, AVL for Android, to check whether a phone is infected and then decide whether to delete the corresponding applications.
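The six-hour check-in and the 30-URL fetch described above leave a recognizable pattern in proxy or gateway logs. The following Python is an added example, not code from the original report: the log format, host names, jitter tolerance and burst window are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

PERIOD = timedelta(hours=6)           # check-in interval stated in the analysis
TOLERANCE = timedelta(minutes=10)     # assumed scheduling jitter
BURST_URLS = 30                       # URL count stated in the analysis
BURST_WINDOW = timedelta(minutes=15)  # assumed time needed to walk the list

def parse(line):
    """Constructed log format: '<ISO time> <device> <method> <url>'."""
    ts, device, _method, url = line.split()
    return datetime.fromisoformat(ts), device, url

def find_suspects(lines, min_gaps=2):
    """Return {(device, host): bursts} for hosts a device contacts every ~6 h."""
    by_device = defaultdict(list)
    for ts, device, url in sorted(map(parse, lines)):
        by_device[device].append((ts, url))
    suspects = {}
    for device, reqs in by_device.items():
        by_host = defaultdict(list)
        for ts, url in reqs:
            by_host[urlsplit(url).hostname].append(ts)
        for host, times in by_host.items():
            gaps = [b - a for a, b in zip(times, times[1:])]
            if len(gaps) < min_gaps or any(abs(g - PERIOD) > TOLERANCE for g in gaps):
                continue
            # Corroboration: check-ins followed by >= 30 distinct URLs elsewhere.
            bursts = sum(
                len({u for t, u in reqs
                     if t0 < t <= t0 + BURST_WINDOW and urlsplit(u).hostname != host}) >= BURST_URLS
                for t0 in times)
            suspects[(device, host)] = bursts
    return suspects

def sample_log():
    """Constructed traffic: phone-a checks in every 6 h, phone-b browses normally."""
    start, lines = datetime(2011, 2, 14, 0, 0, 0), []
    for i in range(4):
        t = start + i * PERIOD + timedelta(seconds=7 * i)
        lines.append(f"{t.isoformat()} phone-a POST http://control.example.invalid/checkin")
        for n in range(30):
            t2 = t + timedelta(seconds=20 + 5 * n)
            lines.append(f"{t2.isoformat()} phone-a GET http://site{i}-{n}.example.invalid/page")
    for m in (3, 50, 400, 415, 1000):
        t = start + timedelta(minutes=m)
        lines.append(f"{t.isoformat()} phone-b GET http://news.example.invalid/")
    return lines
```

A periodic host with a non-zero burst count is a stronger lead than periodicity alone, since legitimate apps also poll on fixed schedules.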

The full analysis report can be downloaded from here.