1. /
  2. Security Response/
  3. Android.Laucassspy

Android.Laucassspy

Updated:
September 27, 2012 9:55:54 AM
Risk Impact:
Medium
Systems Affected:
Android
Android package file
The spyware program may arrive as a package with the following characteristics:

Package name: com.laucass.androsmscontrol


Permissions
When the spyware is being installed, it requests permissions to perform the following actions:
  • Access information about, and change the WiFi state
  • Access location information, GPS, Cell-ID, or WiFi
  • Change the phone state, such as powering it on and off
  • Check the phone's current state
  • Create, read, and send SMS messages on the device
  • Discover and connect to paired Bluetooth devices
  • Modify global audio settings
  • Monitor incoming SMS and MMS messages
  • Monitor, modify, or end outgoing calls
  • Open network connections
  • Read and write the secure system settings
  • Read or write to the system settings
  • Read the browsing history and bookmarks
  • Read user's contacts data
  • Start once the device has finished booting
  • Use the microphone on the device to record audio
  • Write to external storage devices


Installation
The program must be installed manually. Once installed, the program does not display an icon.


Functionality
The spyware creates the following receivers:
  • AndroSmsControlReceiver
  • PhoneControlDeviceAdminReceiver

Next, it creates the following service:
AndroSmsControlService

The above service is started once any of the following commands are sent to the receivers:
  • android.provider.Telephony.SMS_RECEIVED
  • android.intent.action.NEW_OUTGOING_CALL
  • android.intent.action.USER_PRESENT
  • android.intent.action.BOOT_COMPLETED
  • android.net.conn.CONNECTIVITY_CHANGE
  • android.intent.action.PHONE_STATE
  • android.intent.action.NEW_INCOMING_SMS
  • android.intent.action.NEW_OUTGOING_SMS
  • android.intent.action.NEW_INCOMING_MMS
  • android.intent.action.NEW_OUTGOING_MMS
  • android.intent.action.NEW_PICTURE
  • android.intent.action.NEW_VIDEO


The program may also perform the following actions when predetermined keywords are present in SMS messages:
  • Clear application configuration
  • Forward applications list
  • Forward bookmarks and visited URL history
  • Forward contacts list
  • Start or stop audio recording
  • Start or stop phone monitoring
  • Switch GPS on or off
  • Switch WiFi on or off


System monitoring
The program is capable of sending the following information within a hidden file to the remote attacker in an SMS message or in email format:
  • Phone call notifications
  • Phone calls as an audio file
  • Phone location
  • Pictures and videos taken with the phone
  • SMS and MMS messages
Writeup By: Tommy Dong
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver