Android package file
The Trojan may arrive as a package with the following name:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Change audio settings.
- Access the list of accounts in the Accounts Service.
- Prevent processor from sleeping or screen from dimming.
- Read user's contacts data.
- Check the phone's current state.
- Change the phone state, such as powering it on and off.
- Initiate a phone call without using the Phone UI or requiring confirmation from the user.
- Open network connections.
- Read SMS messages on the device.
- Send SMS messages.
- Monitor, modify, or end outgoing calls.
- Monitor, modify, or end incoming calls.
- Call any phone number without going through the Dialer user interface.
- Broadcast sticky intents.
- Write to external storage devices.
- Use the device's mic to record audio.
When the Trojan is executed, it collects the following information:
- Device information (e.g. name of the device, etc.)
- Phone number
- User's email address
It then sends the stolen information to the following location:
It also sends SMS text messages to the following Indian-based number:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":