When the Trojan is being installed, it requests permissions:
- Open network connections.
- Write to external storage devices.
- Send SMS messages.
- Allows mounting and unmounting file systems for removable storage.
- Check the phone's current state.
- Access information about networks.
- Read and write information about the owner of the device.
- Broadcast a notification that an application package has been removed.
- Allows packages to be installed.
- Start once the device has finished booting.
The Trojan steals all the information from the device, including contacts, SMS, GPS data, and images, and uploads it to the following location:
It creates following files to store stolen data:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":