1. /
  2. Security Response/
  3. Android.Skullkey


Risk Level 1: Very Low

July 23, 2013
July 25, 2013 10:30:56 AM
Infection Length:
Systems Affected:
Android.Skullkey is a Trojan horse for Android devices that gives the attacker remote control of the compromised device to perform malicious activity.

Android package file
The Trojan must be manually downloaded and installed. It generally arrives within a repackaged .apk file from a legitimate application. The package name, publisher, and other details will vary and may be taken directly from the original application.

The Trojan may arrive as a package with the following characteristics:

Package names: com.hk515.doctor, com.hk515.activity

Malicious code is inserted in the package in the following locations:
  • com.google.safemain
  • com.google.service

Antivirus Protection Dates

  • Initial Rapid Release version July 23, 2013 revision 023
  • Latest Rapid Release version August 5, 2013 revision 033
  • Initial Daily Certified version July 23, 2013 revision 024
  • Latest Daily Certified version August 6, 2013 revision 002
  • Initial Weekly Certified release date July 24, 2013
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment


  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy


  • Damage Level: Medium
  • Payload: Opens a back door and sends premium SMS messages.
  • Releases Confidential Info: Steals information from the compromised device.
  • Compromises Security Settings: Disables certian security apps.


  • Distribution Level: Low
Note: On May 14, 2015, modifications will be made to the threat write-ups to streamline the content. The Threat Assessment section will no longer be published as this section is no longer relevant to today's threat landscape. The Risk Level will continue to be the main threat risk assessment indicator.
Writeup By: Joseph Bingham

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report