Worm:Android/Samsapo

Classification

Category :

Malware

Type :

Worm

Platform :

Android

Aliases :

Android/Samsapo.A

Summary

Worm:Android/Samsapo sends an SMS message to all the contacts listed in the device. The message contains a link which on clicking takes the user to a malicious APK package.

Removal

Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Worm:Android/Samsapo.A appears to be a system utility program. On installation however, it performs multiple malicious routines, including downloading additional malicious files onto the device, harvesting and sending details from the device to a remote server and registering the phone number to a premium-rate service.

In behavior reminiscent of PC-based worms, Samsapo also distributes a link to a malicious file in an SMS message sent to all listed contacts.

Samsapo appears to be targeted to Russian Android users.

For more details, see: