Android package file
The Trojan may arrive as a package with the following characteristics:
App for Android Devices (in Japanese)
When the Trojan is being installed, it requests permissions to perform the following actions:
- Check the phone's current state.
- Accesses the list of accounts in the Accounts Service.
- Open network connections.
- Read user's contacts data.
Once installed, the application will display an icon with the text App for Android Devices (in Japanese).
When the Trojan is executed, it displays two fake messages. Firstly, it displays a message stating that the app is initializing and then it displays a message stating that the app is not compatible with the device.
It then collects the following information from the device:
- Device phone number
- Names and email addresses stored in Contacts
The above information is then sent to the following location:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":