Android package file
The Trojan may arrive as a package with the following name:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access and change information about Wi-Fi networks
- Allow read-only access to phone state
- Monitor incoming SMS messages, to record or perform processing on them
- Open network sockets
- Read SMS messages
- Send SMS messages
- Use PowerManager WakeLocks to keep the processor from sleeping or the screen from dimming
- Write SMS messages
Once installed, the application will display a new icon on the device.
When the Trojan is executed, it may display the following message:
If you want to activate the full version, please send an SMS and it charges 2 Yuan. Customer Service Phone number:010-84681340-8035.
Next, the Trojan gathers the IMEI number from the device.
It sends the above information in an SMS message to the following phone number:
The Trojan also sends the stolen information to the following remote location:
Next, the Trojan deletes all SMS messages that come from the following phone number:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":