1. /
  2. Security Response/
  3. Android.Cobblerone

Android.Cobblerone

Updated:
November 15, 2011 2:38:46 PM
Type:
Spyware
Infection Length:
Varies
Name:
Spy Phone Location Sms Control, Spy Phone Location Remote SMS
Publisher:
LiuZhonglin, Liu Zhonglin
Risk Impact:
High
Systems Affected:
Android
Android package file
The risk arrives as one of the following application packages:

Free version:
APK: com.FourCobblers.Free.PhoneLock.apk
Publisher: LiuZhonglin
Marketplace Name: Spy Phone Location Sms Control

Paid version:
APK: com.FourCobblers.PhoneLock.apk
Publisher: Liu Zhonglin
Marketplace Name: Spy Phone Location Remote SMS



Installation
The program must be manually installed.

The application will create an icon that depicts a blue padlock.


This icon will have the following name:
-NotePad



Permissions
When the risk is being installed, it requests permissions to perform the following actions:

  • Write to external storage devices.
  • Check the phone's current state.
  • Monitor incoming SMS messages.
  • Send SMS messages.
  • Access location information, such as Cell-ID or WiFi.
  • Access location information, such as GPS information.
  • Access information about networks.
  • Access information about the WiFi state.
  • Open network connections.
  • Update device statistics.
  • Change Wi-Fi connectivity state.
  • Prevent processor from sleeping or screen from dimming.



System monitoring
The application then listens for special commands sent using SMS messages. If a specific SMS is received, the application will send back the location of the device.

Device modifications

The application can also listen for a second, specific SMS message that, if received, will perform a factory reset, clearing all user data from the device.

Functionality
If the application is launched from the menu, it asks for a password for access. If the correct password is entered, a configuration menu is displayed. If an incorrect password is entered, an empty text editor is opened.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver