Android package file
The Trojan may arrive as a package with the following characteristics:
- Body Rentgen Installer
- Body Rentgen
- System Media Library
When the Trojan is being installed, it requests permissions to perform the following actions:
- Open network connections
- Check the phone's current state
- Access information about networks
- Send and monitor SMS messages
- Start once the device has finished booting
Once installed, the application will display either an icon with an image of a gray bone on a black background or a silver cogwheel on a white background.
When the Trojan is executed, it asks the user to install additional libraries.
Once the user clicks Install, two additional malicious applications are installed on the compromised device.
Next, the Trojan may gather the following information from the compromised device:
- Phone number
- Integrated circuit card identifier (ICCID)
- Network operator
- Device identification number
It will then send the above information to the following remote locations:
The Trojan may then send SMS messages from the device to a predetermined number.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":