Android package file
The Trojan may arrive as a package with the following characteristics:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Read SMS messages on the device
- Send SMS messages
- Monitor incoming SMS messages
- Open network connections
The Trojan does not display a launcher.
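The install-time profile described above (SMS read, send and receive permissions, network access, and no launcher entry) can be checked against a decoded, text-form AndroidManifest.xml. The following is an added triage example, not code from the original write-up; the mapping of the listed actions to Android permission names is an assumption, and the sample manifests and the package name `com.example.sample` are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the four requested capabilities to Android permission names.
PROFILE = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
           "android.permission.RECEIVE_SMS", "android.permission.INTERNET"}

def has_launcher(root):
    """True if any activity declares the MAIN/LAUNCHER intent filter."""
    for tag in ("activity", "activity-alias"):
        for comp in root.iter(tag):
            for filt in comp.findall("intent-filter"):
                actions = {a.get(ANDROID + "name") for a in filt.findall("action")}
                cats = {c.get(ANDROID + "name") for c in filt.findall("category")}
                if ("android.intent.action.MAIN" in actions
                        and "android.intent.category.LAUNCHER" in cats):
                    return True
    return False

def triage(manifest_xml):
    """Flag a manifest that requests the full SMS/network set and has no launcher."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    missing = sorted(PROFILE - requested)
    launcher = has_launcher(root)
    return {"missing": missing, "launcher": launcher,
            "flag": not missing and not launcher}

def _manifest(perms, launcher):
    """Build a constructed sample manifest (not taken from any real package)."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    filt = ('<intent-filter><action android:name="android.intent.action.MAIN"/>'
            '<category android:name="android.intent.category.LAUNCHER"/></intent-filter>'
            if launcher else "")
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{uses}<application>'
            f'<activity android:name=".Main">{filt}</activity>'
            f'<receiver android:name=".SmsIn"/></application></manifest>')

ALL = ["READ_SMS", "SEND_SMS", "RECEIVE_SMS", "INTERNET"]
HIDDEN_SMS = _manifest(ALL, launcher=False)   # matches the described profile
VISIBLE_SMS = _manifest(ALL, launcher=True)   # same permissions, has an icon
NET_ONLY = _manifest(["INTERNET"], launcher=False)

if __name__ == "__main__":
    for name, m in (("hidden_sms", HIDDEN_SMS), ("visible_sms", VISIBLE_SMS),
                    ("net_only", NET_ONLY)):
        print(name, triage(m))
```

A positive `flag` is a triage signal for closer review rather than a verdict, since the check looks only at manifest declarations and not at what the package does at run time.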
The Trojan displays a notification bar to entice the user to click on it and download the Lottery Train app from the following location:
The notification reads "lottery train" and "2 yuan can change your luck, the next 570 million is waiting for you."
The Trojan monitors the device's received messages and forwards them to the following number:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":