When installing the Trojan, it will ask for one or more of the following permissions:
- Read or write to the system settings.
- Send SMS messages.
- Write to external storage devices.
- Open network connections.
- Access information about networks.
- Check the phone's current state.
- Monitor incoming SMS and MMS messages.
- Change the background wallpaper.
- Prevent processor for sleeping or screen from dimming.
- Change network connectivity stat.
- Start once the device has finished booting.
The Trojan then creates services with the following names:
The Trojan also creates two icons:
It also changes the Live Wallpaper to "Beziers":Information theft
The Trojan then collects the following information from the device:
- Phone number
- Android OS version
The Trojan sends the gathered information to one of the following URLs:
The Trojan also tries to update itself from one of these URLs.Revenue Generation
The Trojan then prompts the user that it will send two SMS messages to premium-rate numbers:
The Trojan will send the SMS messages regardless of the option the user chooses.
The Trojan then installs an SMS monitoring service.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":