Android package file
The Trojan arrives as an application package with the following details:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access the list of accounts in the Accounts Service.
- Open network connections.
- Access location information, such as GPS information.
- Start once the device has finished booting.
When the Trojan is executed, it registers itself to execute every five minutes or when the device starts.
It then opens the following URL and displays a page attempting to coerce the user into paying for a pornographic service:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":