1. /
  2. Security Response/
  3. Android.Penetho

Android.Penetho

Updated:
October 1, 2012 11:01:46 AM
Risk Impact:
Low
Systems Affected:
Android
Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.h1xumz.penetratepro
Publisher: penetrate.underdev.org
Version: 4.8.3
Name: Penetrate Pro


Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
  • Access coarse location, e.g. Cell-ID, WiFi
  • Access information about networks, including WiFi
  • Allow read-only access to the phone state
  • Change the Wi-Fi connectivity state
  • Install a shortcut
  • Open network sockets
  • Use PowerManager WakeLocks to keep the processor from sleeping or the screen from dimming
  • Write to external storage devices


Installation
Once installed, the application displays an icon with the text of "Penetrate Pro".



Functionality
The program downloads a dictionary from the following location:
penetrate.underdev.org

It then cracks the WiFi login password for the router that the device is using.
Writeup By: Daniel Xiang
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver