Android package file
The Trojan may arrive as a package with the following characteristics:
Robot[THREE CHINESE CHARACTERS]
When the Trojan is being installed, it requests permissions to perform the following actions:
- Read user's contacts data
- Create new contact data
- Write to external storage devices
- Open network connections
Once installed, the application will display a white and blue icon that includes the Android logo with a grid design.
When the Trojan executes, it disguises itself as a contact management tool.
It then gathers the following information from the user's list of contacts:
- Phone number
The Trojan saves this information in a plain text file called contact_backup.txt. The file is stored in the root path of the device's SD card.
Next, the Trojan uploads the file to the following URL:
The Trojan then calculates the file's MD5 hash and sends it to the following email address:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":