During installation, the Trojan requests the following permissions:
- Open network connections.
- Check the phone's current state.
- Read the user's contacts data.
The Trojan steals the contact information from the compromised device and uploads it to the following location:
[http://]depot.bulks.jp/get[TWO RANDOM NUMBERS].php
It also attempts to download a video from the following URL and display it:
[http://]depot.bulks.jp/movie/movie[TWO RANDOM NUMBERS].mp4
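As an added example (not part of the original write-up), the following Python sketch scans web-proxy logs for the two URL shapes listed above and reports which clients showed the upload and the video download behaviour. The log line format and the sample lines are constructed, and "[TWO RANDOM NUMBERS]" is assumed to be a run of decimal digits.

```python
import re
from collections import defaultdict

# Host and path shapes come from the write-up; "[TWO RANDOM NUMBERS]" is
# assumed here to be a run of decimal digits.
C2_HOST = "depot.bulks.jp"
PATTERNS = {
    "contacts_upload": re.compile(r"^/get\d+\.php$"),
    "video_download": re.compile(r"^/movie/movie\d+\.mp4$"),
}
URL_RE = re.compile(r"^https?://([^/:?#]+)(?::\d+)?(/[^?#]*)?", re.IGNORECASE)

def classify(url):
    """Return the behaviour name for a URL on the listed host, else None."""
    m = URL_RE.match(url)
    # Exact host comparison, so look-alike hosts with extra labels do not match.
    if not m or m.group(1).lower().rstrip(".") != C2_HOST:
        return None
    path = m.group(2) or "/"
    for name, rx in PATTERNS.items():
        if rx.match(path):
            return name
    return "other_request_to_host"

def scan(lines):
    """Map client address -> set of behaviours seen in proxy log lines.

    Assumed (hypothetical) format: "<time> <client> <method> <url> <status>".
    """
    hits = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        kind = classify(fields[3])
        if kind:
            hits[fields[1]].add(kind)
    return dict(hits)

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 10.0.0.21 POST http://depot.bulks.jp/get42.php 200",
    "2000-01-01T10:00:03Z 10.0.0.21 GET http://depot.bulks.jp/movie/movie42.mp4 200",
    "2000-01-01T10:00:05Z 10.0.0.34 GET http://example.com/get42.php 200",
    "2000-01-01T10:00:07Z 10.0.0.55 GET http://DEPOT.bulks.jp:80/index.html 200",
    "truncated line",
]

if __name__ == "__main__":
    for client, kinds in sorted(scan(SAMPLE_LOG).items()):
        print(client, sorted(kinds))
```

A client that shows both `contacts_upload` and `video_download` matches the full behaviour described above; a lone `other_request_to_host` hit is weaker evidence and needs review.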
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":