Android package file
The Trojan may arrive as a package with the following characteristics:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Check the phone's current state
- Access information about networks
- Send SMS messages
- Monitor incoming SMS messages
- Open network connections
- Start once the device has finished booting
- Write to external storage devices
Once installed, the application will display a circular white logo with a blue "A" inside it with the title "anb mToken"
The Trojan must be manually installed on the device. Once executed, the Trojan displays the following image:
The Trojan may intercept SMS messages received on the device and forward them to the following phone number:
The Trojan may then receive commands from the attacker.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":