This threat masquerades as a Japanese fortune-telling application.
Android package file
The Trojan may arrive as the following APK package:
The following icon is displayed on the device once the application is installed:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Initiate a phone call without using the Phone UI or requiring confirmation from the user.
- Open network connections.
- Check the phone's current state.
- Read the user's contact data.
- Access information about networks.
- Access location information, such as Cell-ID or WiFi.
- Access location information, such as GPS information.
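For triage, the permission set above can be checked against an app's manifest. The following is an added example, not part of the original write-up: the mapping from each description to an Android permission constant is an assumption, the manifest is assumed to be already decoded from the APK's binary XML to text, and both sample manifests and their package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: the write-up describes the permissions but does not name them.
DESCRIBED = {
    "android.permission.CALL_PHONE": "phone call without user confirmation",
    "android.permission.INTERNET": "open network connections",
    "android.permission.READ_PHONE_STATE": "check the phone's current state",
    "android.permission.READ_CONTACTS": "read contacts data",
    "android.permission.ACCESS_NETWORK_STATE": "information about networks",
    "android.permission.ACCESS_COARSE_LOCATION": "Cell-ID or WiFi location",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def triage(manifest_xml):
    """Compare declared permissions with the set described in the write-up."""
    requested = requested_permissions(manifest_xml)
    wanted = set(DESCRIBED)
    return {
        "matched": sorted(requested & wanted),
        "missing": sorted(wanted - requested),
        "other": sorted(requested - wanted),
        "full_match": wanted <= requested,
    }

def _manifest(package, perms):
    # Builds a constructed sample manifest for the demonstration below.
    lines = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}<application/></manifest>')

SAMPLE_SUSPECT = _manifest("com.example.fortune", list(DESCRIBED))        # constructed
SAMPLE_BENIGN = _manifest("com.example.notes", ["android.permission.INTERNET",
                                                "android.permission.VIBRATE"])  # constructed

if __name__ == "__main__":
    for label, xml in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, triage(xml))
```

A full match is a reason to inspect the sample further, not a verdict: legitimate apps can request the same permissions.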
When the Trojan is executed, it steals the following information from the device:
- Phone number
- IMEI number
- IMSI number
- Address book
It sends the gathered information in an HTTP POST request to the following location:
The following screenshot is displayed when the application is run:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":