Android package file
The Trojan may arrive as a package with the following characteristics:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Create new SMS messages
- Monitor incoming SMS messages
- Open network connections
- Prevent processor from sleeping or screen from dimming
- Read SMS messages on the device
- Read user's contacts data
- Send SMS messages
- Start once the device has finished booting
- Switch application components on or off
- Write to external storage devices
Once installed, the application will display an icon with an image of a cartoon police officer and the following text:
The Trojan claims to be a games installer.
When executed, the Trojan will remove its icon from the applications list and begin installing a game.
The Trojan will then contact one of the following remote locations:
The Trojan will request the following from the above remote location:
Spam message text
List of phone numbers
Next, the Trojan will send spam SMS messages to each of the numbers on the list.
When a spam message is sent to a number, the Trojan sends the number back to the above remote location.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":