Android package file
The Trojan may arrive as a package with the following characteristics:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Read user's contacts data.
- Open network connections.
- Access list of accounts in the Accounts Service.
- Write to external storage devices.
- Check the phone's current state. (sub app)
- Initiate a phone call without user confirmation. (sub app)
Once installed, the application will display an pink heart icon with Korean text (translated "LoveTalk").
If the sub app is installed, it may display an Android green robot icon with text "Google Service".
The Trojan will send the compromised device's contacts and Skype user information to the following domain:
The Trojan then attempts to install another app from its assets folder named "Google Service" which can end any incoming call and hide its icon from view.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":