Android package file
The Trojan may arrive as a package with one of the following names:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access information about networks
- Access location (e.g. Cell-ID, GPS, WiFi)
- Allow read-only access to phone state
- Open network sockets
- Read from and write to an external storage device
Once installed, the application may display new icons on the device.
The Trojan then downloads a file onto the compromised device.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":