www.microsoft.com
2600:1408:c400:793::356e  Public Scan

Submitted URL: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:AndroidOS/Plankton.A#tab=2'
Effective URL: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:AndroidOS/Plankton.A
Submission: On November 21 via api from US — Scanned from US

Text Content

Trojan:AndroidOS/Plankton.A
Published Jun 22, 2011 | Updated Sep 15, 2017


TROJAN:ANDROIDOS/PLANKTON.A

Detected by Microsoft Defender Antivirus

Aliases:

 * Android.Plankton.1 (Dr.Web)
 * Android/Plankton.A trojan (ESET)
 * Trojan.AndroidOS (Ikarus)
 * Trojan.AndroidOS.Plangton.b (Kaspersky)
 * Andr/Plankton-A (Sophos)
 * AndroidOS_ABRUNLOCKR.A (Trend Micro)


SUMMARY

Trojan:AndroidOS/Plankton.A is a trojan that affects devices running the Android
operating system, such as mobile phones. It may arrive as part of repackaged
Android applications that are downloaded from third-party Android application
markets. Once the application is installed, it collects information about the
mobile device and performs actions based on instructions from a remote attacker.


TECHNICAL INFORMATION

--------------------------------------------------------------------------------


THREAT BEHAVIOR

Trojan:AndroidOS/Plankton.A is a trojan that affects devices running the Android
operating system, such as mobile phones. It may arrive as part of repackaged
Android applications that are downloaded from third-party Android application
markets. Once the application is installed, Plankton.A runs in the background as
the service "AndroidMDKProvider".

PAYLOAD

Downloads other components
The malicious service sends HTTP POST requests in the background to the server
"searchwebmobile.com" and waits for a reply. The reply contains a download URL
for a file that may be updated on the server's end. As of this writing, it
downloads a JAR file containing a "classes.dex" file (also detected as
Trojan:AndroidOS/Plankton.A) that is installed via the "DexClassLoader" object.
This type of installation bypasses the Android Market's application verification.

Performs functions based on commands

Trojan:AndroidOS/Plankton.A can act as a command-and-control (C&C) server and
wait for several commands to perform the following actions:

 * /activate - responds to requests for activation
 * /homepage - sets homepage of the device's browser
 * /commandstatus - receives status from the server if a failure or successful
   routine occurs
 * /bookmarks - gets and sets bookmarks
 * /shortcuts - gets and sets application shortcuts
 * /history - gets history of browsing habits
 * /terminate - terminates the service
 * /status - returns whether to add, delete, update, or check if it exists in
   the device
 * /dumplog - gets the log of acquired debug information from the device which
   can be sent as a ZIP archive
 * /unexpectedexception - returns when an error occurs
 * /installation - installs downloaded file or upgrades installation to a new
   downloaded file

Collects information
Trojan:AndroidOS/Plankton.A can collect the following information from the
compromised device and send it to a server via HTTP POST:

 * Application ID
 * Brand
 * Build number
 * Developer ID
 * Device
 * Display metrics
 * IMEI
 * Locale
 * Protocol version
 * SDK version
 * Source IP
 * User Agent
 * User ID
 * Version release

Analysis by Marianne Mallen


PREVENTION

Take these steps to help prevent infection on your computer.


SYMPTOMS

--------------------------------------------------------------------------------




DEVICE CHANGES

The following device changes may indicate the presence of this malware:

 * The presence of the following service:
   "AndroidMDKProvider"
