alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/HippoSms Method Request to CnC"; flow:established,to_server; http.uri; content:"/clientRequest.htm?method="; nocase; pcre:"/^(?:update|startcharge)/Ri"; content:"&os="; content:"&brand="; nocase; content:"&sdkVersion="; nocase; reference:url,www.fortiguard.com/encyclopedia/virus/android_hipposms.a!tr.html; classtype:command-and-control; sid:2013299; rev:4; metadata:affected_product Android, attack_target Client_Endpoint, created_at 2011_07_23, deployment Perimeter, signature_severity Critical, tag Android, updated_at 2020_04_21;)