This threat is packaged in ebooks and typically found on websites and forums in China.
Android package file
The Trojan may arrive as one of the following APK packages:
One of the following icons may be displayed on the device once the application is installed:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Start once the device has finished booting.
- Open network connections.
- Access information about networks.
- Check the phone's current state.
- Access location information, such as Cell-ID or WiFi.
- Access location information, such as GPS information.
- Access information about the WiFi state.
- Read and write to external storage devices.
When the Trojan is executed, it steals information from the device that includes the following:
- Phone type
- IMEI number
- Android OS version
- Screen size
It sends the stolen information to one of the following locations:
It then attempts to download advertisements to display on the device.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":