Android package file
The Trojan may arrive as a package with one of the following names:
[RUSSIAN CHARACTERS] Jimm (Install Jimm)
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access information about networks
- Access information about the WiFi state
- Access location information, such as Cell-ID or WiFi
- Access account information
- Collect battery statistics
- Monitor incoming SMS messages
- Open network locations
- Send SMS messages
- Write to external storage
Once installed, the application will display a green icon.
The Trojan may send SMS messages that contain the message body 48876374538 to the premium-rate number 5537.
When the Trojan is executed, it installs a malicious APK and launches it.
The Trojan appears to install Jimm (a popular mobile ICQ application in Russian-speaking countries).
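The permission list above can be used as a triage profile when reviewing an unknown APK. The following is an added example, not part of the original write-up or any Symantec tooling. It assumes the APK's manifest has already been decoded to text XML, and the mapping from each description to an Android permission name is an assumption, as are the function names and the constructed sample manifests.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping: Android permission name -> description used in the write-up.
# The write-up gives only the descriptions; the names are this example's reading.
PROFILE = {
    P + "ACCESS_NETWORK_STATE": "Access information about networks",
    P + "ACCESS_WIFI_STATE": "Access information about the WiFi state",
    P + "ACCESS_COARSE_LOCATION": "Access location information, such as Cell-ID or WiFi",
    P + "GET_ACCOUNTS": "Access account information",
    P + "BATTERY_STATS": "Collect battery statistics",
    P + "RECEIVE_SMS": "Monitor incoming SMS messages",
    P + "INTERNET": "Open network locations",
    P + "SEND_SMS": "Send SMS messages",
    P + "WRITE_EXTERNAL_STORAGE": "Write to external storage",
}
PROFILE_SET = set(PROFILE)
SMS_PAIR = {P + "SEND_SMS", P + "RECEIVE_SMS"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # The manifest comes from an untrusted APK: parse it inside the analysis
    # environment (or swap in a hardened parser such as defusedxml).
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name").strip()
            for tag in tags for el in root.iter(tag)
            if el.get(ANDROID_NS + "name")}

def triage(manifest_xml):
    """Compare a manifest's permissions with the profile from the write-up."""
    perms = requested_permissions(manifest_xml)
    matched = sorted(perms & PROFILE_SET)
    return {
        "matched": matched,                       # requested and in the profile
        "missing": sorted(PROFILE_SET - perms),   # in the profile, not requested
        "extra": sorted(perms - PROFILE_SET),     # requested, not in the profile
        "sms_send_and_receive": SMS_PAIR <= perms,
        "full_profile_match": PROFILE_SET <= perms,
    }

def build_manifest(perms):
    """Build a constructed sample manifest (not taken from a real APK)."""
    body = "\n".join(f'  <uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">\n{body}\n</manifest>')
```

A full profile match is a reason to prioritise the sample for analysis, not a verdict: legitimate messaging apps can request the same permissions.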
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":