Android.Fakenotify is known to be hosted on a fake Android Market.
When the Trojan is being installed, it requests permissions to perform the following actions:
- Check the phone's current state
- Access information about networks
- Send SMS messages
- Open network connections
- Write to external storage devices
- Install packages
- Delete packages
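For triage, the permission set listed above can be checked against a decoded AndroidManifest.xml. The following is an added example, not part of the original write-up. The mapping from the descriptions above to Android permission names is an assumption, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: Android permission name -> description used in the write-up.
REPORTED = {
    "android.permission.READ_PHONE_STATE": "Check the phone's current state",
    "android.permission.ACCESS_NETWORK_STATE": "Access information about networks",
    "android.permission.SEND_SMS": "Send SMS messages",
    "android.permission.INTERNET": "Open network connections",
    "android.permission.WRITE_EXTERNAL_STORAGE": "Write to external storage devices",
    "android.permission.INSTALL_PACKAGES": "Install packages",
    "android.permission.DELETE_PACKAGES": "Delete packages",
}
# SMS sending combined with package management is the part worth escalating.
HIGH_RISK = {"android.permission.SEND_SMS",
             "android.permission.INSTALL_PACKAGES",
             "android.permission.DELETE_PACKAGES"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n.strip() for n in names if n}

def triage(manifest_xml):
    """Compare a decoded manifest with the reported permission set."""
    perms = requested_permissions(manifest_xml)
    matched = sorted(perms & set(REPORTED))
    missing = sorted(set(REPORTED) - perms)
    if not missing:
        verdict = "matches-reported-set"
    elif HIGH_RISK <= perms:
        verdict = "sms-and-package-management"
    elif "android.permission.SEND_SMS" in perms:
        verdict = "review-sms"
    else:
        verdict = "no-match"
    return {"verdict": verdict, "matched": matched, "missing": missing}

def _manifest(perms):
    # Builds a constructed manifest for the samples below (not a real app).
    body = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="example.constructed">%s</manifest>' % body)

SAMPLE_FULL = _manifest(REPORTED)                          # all seven permissions
SAMPLE_PARTIAL = _manifest(sorted(HIGH_RISK))              # SMS + install/delete only
SAMPLE_BENIGN = _manifest(["android.permission.INTERNET"])

if __name__ == "__main__":
    for label, xml in (("full", SAMPLE_FULL), ("partial", SAMPLE_PARTIAL), ("benign", SAMPLE_BENIGN)):
        print(label, triage(xml))
```

A match on the permission set alone does not identify this Trojan; it only marks an app for closer review.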
When the Trojan is installed, it displays the following message on the device:
If the user presses Agree, it sends an SMS message to the number 5537.
It then opens the following URL on the device's Web browser to download legitimate apps:
[REMOVED]
It periodically displays the following URL in the device's Web browser:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":