Android package file
The Trojan may arrive as a package with one of the following names:
- TuneHopper Free Fan App
- Plants vs Zombies Free Fan App
When the Trojan is being installed, it requests permissions to perform the following actions:
- Open network connections.
- Start once the device has finished booting.
- Access information about networks.
- Access location information, such as GPS information.
- Access location information, such as Cell-ID or WiFi.
- Write to external storage devices.
- Check the phone's current state.
- Access extra location provider commands.
- Make the phone vibrate.
- Prevent processor from sleeping or screen from dimming.
- Read and write the user's browsing history and bookmarks.
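
The permission list above can be used as a triage check over a decoded AndroidManifest.xml. The following Python is an added example, not code from the original write-up; the mapping from each description to a manifest permission name, the 0.8 threshold and the sample manifest are assumptions made here.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping of the listed permission descriptions to manifest names.
PROFILE = {
    "android.permission.INTERNET",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_LOCATION_EXTRA_COMMANDS",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
    "com.android.browser.permission.WRITE_HISTORY_BOOKMARKS",
}
# Pair needed to read device identifiers and send them off the device.
CORE = {"android.permission.INTERNET", "android.permission.READ_PHONE_STATE"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n.strip() for n in names if n}

def triage(manifest_xml, threshold=0.8):
    """Score overlap with PROFILE; flag for review if CORE is present too."""
    perms = requested_permissions(manifest_xml)
    matched = perms & PROFILE
    score = round(len(matched) / len(PROFILE), 2)
    return {
        "matched": sorted(matched),
        "missing": sorted(PROFILE - perms),
        "score": score,
        "review": CORE <= perms and score >= threshold,
    }

# Constructed sample manifest (hypothetical package name), not taken from a real APK.
SAMPLE = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.example.fanapp">'
    + "".join(f'<uses-permission android:name="{p}"/>'
              for p in sorted(PROFILE - {"android.permission.VIBRATE"}))
    + "</manifest>"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A high score only marks the package for manual review; ad-supported legitimate applications can request much of the same set.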
Once installed, the application will display one of the following screenshots:
If the Start button is pressed, the following screenshot is displayed:
If the user presses the Download [APP NAME] button, the following screenshot stating that the game is unavailable is displayed:
Android.Fakeapp may also arrive bundled with a legitimate application. When the user installs it, the legitimate application is installed along with the risk.
The game view only displays an image:
It then downloads configuration files to display advertisements. It also collects information, such as IMEI and phone number, from the compromised device and sends it to the following location:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":