1. Symantec/
  2. Security Response/
  3. Android.Fakelogin

Android.Fakelogin

Risk Level 1: Very Low

Discovered:
October 18, 2015
Updated:
October 21, 2015 10:13:11 AM
Type:
Trojan
Infection Length:
Varies
Systems Affected:
Android
Android.Fakelogin is a Trojan horse for Android devices that steals information from the compromised device.



Android package file
The Trojan may arrive as a package with the following characteristics:

Package name:
com.android.innus
Version number: 1.0
App name: Settings [IN RUSSIAN]


Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
  • Open network connections
  • Create new SMS messages
  • Read SMS messages on the device
  • Send SMS messages
  • Monitor incoming SMS messages
  • Prevent processor from sleeping or screen from dimming
  • Check the phone's current state
  • Start once the device has finished booting
  • Access information about networks
  • Change network connectivity state
  • Access list of accounts
  • Access list of current or recently running tasks
  • Display alerts
  • End background processes
  • Disable KeyGuard, which can be used to lock or unlock the keypad
  • Read user's contacts data
  • Initiate a phone call without using the Phone UI or requiring confirmation from the user
  • Access location information, such as Cell-ID or Wi-Fi
  • Access location information, such as GPS information
  • Read user's call log
  • Read browser history and bookmarks
  • Read or write to the system settings

Installation
Once installed, the application will display an icon with the top half of the Android mascot. However, it will hide this icon if it successfully registers itself as the device administrator.

Antivirus Protection Dates

  • Initial Rapid Release version October 18, 2015
  • Latest Rapid Release version September 22, 2016 revision 024
  • Initial Daily Certified version October 19, 2015 revision 002
  • Latest Daily Certified version September 22, 2016 revision 025
  • Initial Weekly Certified release date October 21, 2015
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Qubo Song

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube