1. Symantec/
  2. Security Response/
  3. Android.Sandorat

Android.Sandorat

Risk Level 1: Very Low

Discovered:
November 7, 2014
Updated:
November 12, 2014 2:34:38 PM
Type:
Trojan
Infection Length:
Varies
Systems Affected:
Android
Android.Sandorat is a Trojan horse for Android devices that opens a back door on the compromised device. It also steals information.




Android package file
The Trojan may arrive as a package with the following characteristics:

Package name:
  • com.gn.cleanmasterpro
  • com.rootuninstaller.ramboosterpro
  • com.piriform.ccleaner
  • com.jasmcole.wifisolver
  • com.zero1.sandrorat
  • com.gmail.heagoo.apkeditor.pro
  • com.zero1.sandrorat
  • com.and.games505.TerrariaPaid
  • com.flyersoft.moonreaderp
  • com.devasque.fmount
  • com.appstar.callrecorderpro
  • com.mg.android
APK:
  • AndroidCleaner.apk
  • SmartRAMBooster.apk
  • CCleaner.apk
  • WiFi Solver FDTD v2.4.apk
  • APK Editor Pro v1.1.6.apk
  • SandroRat.apk
  • Folder_mount.apk
  • DroidJack.jar
  • Automatic_call.apk
  • weatherpro_premium_v3.5.apk
Version: Varies
Name: Varies


Installation
The Trojan arrives packaged with other trojanized applications and will display the icon of the application it was installed with.

Antivirus Protection Dates

  • Initial Rapid Release version November 7, 2014 revision 005
  • Latest Rapid Release version September 22, 2017 revision 023
  • Initial Daily Certified version November 7, 2014 revision 018
  • Latest Daily Certified version July 31, 2017 revision 004
  • Initial Weekly Certified release date November 12, 2014
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Mark Anthony Balanza

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube