Android package file
The Trojan may arrive as a package with the following characteristics:
wifi signal Fix
When the Trojan is being installed, it requests permissions to perform the following actions:
- Use the device's mic to record audio.
- Open network connections.
- Check the phone's current state.
- Start once the device has finished booting.
- Read user's contacts data.
- Read SMS messages on the device.
- Send SMS messages.
- Initiate a phone call without using the Phone UI or requiring confirmation from the user.
- Access location information, such as Cell-ID or WiFi.
- Access location information, such as GPS information.
- Write to external storage devices.
- Access information about the WiFi state.
- Change WiFi connectivity state.
- Prevent processor from sleeping or screen from dimming.
- Read or write to the system settings.
- Read or write the secure system settings.
- Mount and unmount file systems for removable storage.
- Access information about currently or recently run tasks.
Once installed, the application will have no launcher.
The Trojan collects the following information from the compromised computer:
- Sends SMS messages
- Forces the phone to stay on
- Collect call log
- Collect contacts
- Collect installed apps
- Collect GPS location
- Collect memory size available on phone memory
- Collect SD memory size available
- List all files on SD with timestamps
- Collect incoming SMS messages
- Collect outgoing SMS messages
- List of apps currently running
- Collect total amount of RAM
- Status of WiFi being on or off
- List all files on phone memory with timestamps
- Deletes files on SD card
The Trojan then sends the collected information to the following remote location:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":