It's almost the end of 2011. What with Christmas recently passed, and the New Year coming up, there's naturally a lot of well wishes and holiday greetings being messaged around. Looks like somebody's decided to join in (a little late) — and also do a bit of data harvesting at the same time.
Spyware:Android/AdBoo.A appears to be one of those programs that lets you send witty/sweet/funny messages to your contacts. On execution, it displays a list of text messages that fall into different categories: new year wishes, friendship, love and jokes:
When the user selects one of these messages, the app displays a dialog box asking for the next action: Contact, Edit or Cancel:
If Contact is chosen, the app tries to read the stored contact data. Presumably, it needs to know to whom to send the message:
During our initial analysis, because the test phone didn't have any stored contacts, the app didn't retrieve anything at this point.
However, when AdBoo was retested with (bogus) contacts present, no text message was sent then either — AdBoo only produces a dialog box with the message "Sending fail":
We noticed that the app did do something else though. On selecting the Contact option, it silently obtained the following information from the device:

1) Phone Model
2) Android Version
3) Phone number
4) International Mobile Equipment Identity (IMEI) number

The harvested details are then forwarded to a remote server.
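One way to confirm this kind of harvesting during dynamic analysis, as an added example that is not part of the original analysis: seed the test handset with known values and search each captured outbound request for them, in plain and in simply encoded forms. The device values, host names and requests below are all constructed.

```python
import base64
import hashlib
from urllib.parse import unquote_plus

# Constructed identifiers for the test handset (assumed values, not from the article).
DEVICE = {
    "model": "Nexus S",
    "android_version": "2.3.6",
    "phone_number": "+15555550123",
    "imei": "356938035643809",
}

# Constructed outbound requests, as a proxy or pcap export might record them.
CAPTURED = [
    "POST /log HTTP/1.1\r\nHost: collector.example\r\n\r\n"
    "m=Nexus+S&v=2.3.6&n=%2B15555550123&i=356938035643809",
    "GET /ad?id=" + base64.b64encode(b"356938035643809").decode()
    + " HTTP/1.1\r\nHost: ads.example\r\n\r\n",
    "GET /weather?city=Helsinki HTTP/1.1\r\nHost: api.example\r\n\r\n",
]

def encodings(value):
    """Yield (label, needle) pairs for forms a value may take on the wire."""
    raw = value.encode()
    yield "plain", value.lower()
    yield "base64", base64.b64encode(raw).decode().lower()
    yield "hex", raw.hex()
    yield "md5", hashlib.md5(raw).hexdigest()
    yield "sha1", hashlib.sha1(raw).hexdigest()

def find_leaks(request_text, device=DEVICE):
    """Return sorted (field, encoding) pairs found in one outbound request."""
    # Search the raw text and its URL-decoded form: '+' and %XX differ between them.
    haystacks = {request_text.lower(), unquote_plus(request_text).lower()}
    hits = set()
    for field, value in device.items():
        for label, needle in encodings(value):
            if any(needle in h for h in haystacks):
                hits.add((field, label))
    return sorted(hits)

if __name__ == "__main__":
    for req in CAPTURED:
        print(req.split("\r\n")[0], "->", find_leaks(req) or "clean")
```

Model and Android version also appear in a stock User-Agent header, so hits on the IMEI and phone number are the stronger signal.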
Incidentally, looking at the certificate for this variant of AdBoo, it appears to be from the same developer as Zsone.A: