Trojan:Android/FakeJobOffer.A

Classification

Category :

Malware

Type :

Trojan

Platform :

Android

Aliases :

Trojan:Android/FakeJobOffer.A

Summary

Trojan:Android/FakeJobOffer is trojanized app that display an image of a (fraudulent) job offer letter as part of a job offer scam.

Removal

Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

FakeJobOffer.A is a trojan used is propagating a job offer scam. It targets users in India and is distributed in a third party Android app market, where it is repackaged into legitimate Bollywood related applications such as Saavn and YouBolly.

Once installed, FakeJobOffer.A waits for the device to be rebooted to activate its malicious components. It then notifies the user about an incoming email from the Human Resource department, and proceeds to visit a website (http://ge.tt/api/1/files/4TcQx7Z/0/blob/x675) on the device’s browser.

The link directs the user to an image file of a job offer letter, informing that the user has been considered for a position at TATA Group, an Indian multinational conglomerate company. To arrange for a job interview, the user must first pay a refundable security deposit. The victim,obviously, will never get refunded as there is no job interview or even a job in the first place. It is all a scam.

This type of scam is neither new nor complicated. Similar offers have been circulating via emails and SMS messages since 2010 in India, but this incident marks the first time that such a scam is carried out through a trojanized Android application.