Android package file
The Trojan may arrive as one of the following APK packages:
[APPLICATION NAME] may be one of the following:
- SMS Replier
- Mother's Day
The icon displayed on the device once the application is installed varies depending on the application.
When the Trojan is being installed, it requests permissions to perform the following actions:
- Send SMS messages.
- Open network connections.
- Check the phone's current state.
When the Trojan is executed, it obtains the phone number of the compromised device and sends an SMS to the device. The content of the text message may be one of the following:
Thank you for downloading Chinese New Year Countdown! Please make sure to check out all our other apps [http://]apps.iconosys.com
Thank you for downloading Mother's Day the APP from Iconosys. Today you can send kisses, hugs, cards, and photos of mom or you and mom. Enjoy!
The Trojan sends the same SMS message every time it is executed.
Next, the Trojan gathers personally identified information (PII), such as IMEI number and phone number, and sends it to the following location:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":