Android package file
The spyware program may arrive as a package with the following characteristics:
Package name: com.laucass.androsmscontrol
Permissions
When the spyware is being installed, it requests permissions to perform the following actions:
- Access information about, and change the WiFi state
- Access location information, GPS, Cell-ID, or WiFi
- Change the phone state, such as powering it on and off
- Check the phone's current state
- Create, read, and send SMS messages on the device
- Discover and connect to paired Bluetooth devices
- Modify global audio settings
- Monitor incoming SMS and MMS messages
- Monitor, modify, or end outgoing calls
- Open network connections
- Read and write the secure system settings
- Read or write to the system settings
- Read the browsing history and bookmarks
- Read user's contacts data
- Start once the device has finished booting
- Use the microphone on the device to record audio
- Write to external storage devices
Installation
The program must be installed manually. Once installed, the program does not display an icon.
Functionality
The spyware creates the following receivers:
- AndroSmsControlReceiver
- PhoneControlDeviceAdminReceiver
Next, it creates the following service:
AndroSmsControlService
The above service is started once any of the following commands are sent to the receivers:
- android.provider.Telephony.SMS_RECEIVED
- android.intent.action.NEW_OUTGOING_CALL
- android.intent.action.USER_PRESENT
- android.intent.action.BOOT_COMPLETED
- android.net.conn.CONNECTIVITY_CHANGE
- android.intent.action.PHONE_STATE
- android.intent.action.NEW_INCOMING_SMS
- android.intent.action.NEW_OUTGOING_SMS
- android.intent.action.NEW_INCOMING_MMS
- android.intent.action.NEW_OUTGOING_MMS
- android.intent.action.NEW_PICTURE
- android.intent.action.NEW_VIDEO
The program may also perform the following actions when predetermined keywords are present in SMS messages:
- Clear application configuration
- Forward applications list
- Forward bookmarks and visited URL history
- Forward contacts list
- Start or stop audio recording
- Start or stop phone monitoring
- Switch GPS on or off
- Switch WiFi on or off
System monitoring
The program is capable of sending the following information within a hidden file to the remote attacker in an SMS message or in email format:
- Phone call notifications
- Phone calls as an audio file
- Phone location
- Pictures and videos taken with the phone
- SMS and MMS messages
