Android package file
The Trojan may arrive as a package with the following characteristics:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Open network connections
- Allow access to accounts listed in the Accounts Service
Once installed, the application will display a green icon with "Balloon Pop 2" written in blue text.
The Trojan poses as a game called Balloon Pop 2.
When the app is opened, the Trojan will display the game on the compromised device.
The Trojan will then steal communications from the following application:
The Trojan then sends the stolen information to the following remote location:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":