This threat may be downloaded from Chinese Android markets as Trojanized applications.
Android package file
The Trojan may arrive as the following APK package:
The following icon is displayed on the device once the application is installed:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Prevent processor from sleeping or screen from dimming.
- Make the phone vibrate.
- Open network connections.
- Access information about networks.
- Check the phone's current state.
- Access location information, such as Cell-ID or WiFi.
- Access location information, such as GPS information.
- Access information about the WiFi state.
- Read and write to external storage devices.
- Install a shortcut on the Home screen.
When the Trojan is executed, it attempts to download potentially malicious files from the following location:
The Trojan may also display ads when the app is running.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":