“Battery Doctor” Android Scareware
A new “scareware” targeting mobile devices running Google’s Android operating system claims that it has the ability to recharge the battery, but in reality it is designed to steal information.
When the program first executes, the overview window shown below appears. It shows information about the battery and running applications, and a second pie chart on the right side of the screen shows the available storage space.
The program loads as a service called NotifAdSDK, which checks in (and sends your profile information) every four hours.
Battery Doctor sends the following information about your device to its home server “push.m[xxxx]ze.com”:
-Its screen size
-The version of the browser and OS on the device
-The program which is generating the traffic (com.androidupgrade.battery) and its version
-The name of the campaign
-The device’s manufacturer and model
-The network the device uses
-The phone’s coarse (mobile network) or fine (GPS) location
-The IMEI and phone number
-The app’s API key
-A unique identifier for the device
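The four-hour check-in described above leaves a regular pattern in proxy or gateway logs. The following detection sketch is an added example, not code from the original analysis; the log format, the placeholder host name (the real server is redacted above), the jitter tolerance and the match threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy-log sample: timestamp, device, destination host, app package.
# The host is a placeholder; the write-up redacts the real check-in server.
SAMPLE_LOG = """\
2024-01-01T00:05:00 dev-A push.placeholder.invalid com.androidupgrade.battery
2024-01-01T00:10:00 dev-B api.weather.invalid com.example.weather
2024-01-01T00:40:00 dev-B api.weather.invalid com.example.weather
2024-01-01T03:15:00 dev-B api.weather.invalid com.example.weather
2024-01-01T04:06:00 dev-A push.placeholder.invalid com.androidupgrade.battery
2024-01-01T08:04:00 dev-A push.placeholder.invalid com.androidupgrade.battery
2024-01-01T09:00:00 dev-B api.weather.invalid com.example.weather
2024-01-01T12:07:00 dev-A push.placeholder.invalid com.androidupgrade.battery
truncated-line
2024-01-01T16:05:00 dev-A push.placeholder.invalid com.androidupgrade.battery
"""

KNOWN_PACKAGE = "com.androidupgrade.battery"  # package name given in the write-up
CHECKIN_PERIOD = timedelta(hours=4)           # check-in interval given in the write-up
TOLERANCE = timedelta(minutes=10)             # assumed allowance for timer jitter
MIN_MATCHES = 3                               # assumed minimum of on-period gaps

def parse(log):
    """Group request timestamps by (device, host, package); skip malformed lines."""
    events = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, device, host, package = parts
        events[(device, host, package)].append(datetime.fromisoformat(ts))
    return events

def find_periodic_checkins(log):
    """Return (device, host, package, is_known_package) for four-hourly beacons."""
    findings = []
    for (device, host, package), times in parse(log).items():
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        on_period = [g for g in gaps if abs(g - CHECKIN_PERIOD) <= TOLERANCE]
        # Require several on-period gaps that also dominate the traffic pattern.
        if len(on_period) >= MIN_MATCHES and len(on_period) >= 0.75 * len(gaps):
            findings.append((device, host, package, package == KNOWN_PACKAGE))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_periodic_checkins(SAMPLE_LOG):
        print(finding)
```

The last field of each finding marks whether the traffic came from the package name reported above, so the same check also surfaces other apps that beacon on the same schedule.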
Thanks Sandip for analyzing the sample. Quick Heal Mobile Security detects the file as Android.Batterydoctor.A.
Users are advised to install applications and games from the trusted Google Play (previously the Android Market) store only.