Android.Sockrat


Risk Level 1: Very Low

November 5, 2015
November 5, 2015 11:42:37 AM
Infection Length: 7,211,358 bytes
Systems Affected:

Android.Sockrat is a Trojan horse for Android devices that opens a back door and steals information from the compromised device.


When the Trojan is being installed, it requests permissions to perform the following actions:
  • Open network connections
  • Access information about networks
  • Prevent processor from sleeping or screen from dimming
  • Access information about the Wi-Fi state
  • Check the phone's current state
  • Create new voicemail
  • Add entry to user's dictionary
  • Edit sync settings
  • Add content to user's social stream
  • Create new SMS messages
  • Read or write to the system settings
  • Edit user's profile
  • Read or write to the browser's history and bookmarks
  • Read or write to the call log
  • Create new calendar data
  • Make the phone vibrate
  • Use SIP service
  • User login credentials
  • Uninstall application shortcuts
  • Use device's IR transmitter
  • Display alerts
  • Read or write to subscribed feeds
  • Request that a signal be sent to all persistent processes
  • Set the wallpaper
  • Set the wallpaper hints
  • Set the time zone
  • Set the maximum number of application processes that can be running
  • Configure an application for debugging
  • Modify the global animation scaling factor
  • Control whether activities are immediately stopped when placed in the background
  • Set an alarm
  • Send SMS message
  • Allow other applications to handle the respond-via-message action during incoming calls
  • Restart application packages
  • Change the order of running tasks
  • Record audio from the microphone
  • Receive WAP push messages
  • Receive SMS messages
  • Receive MMS messages
  • Access user's dictionary
  • Start once the device has finished booting
  • Access voicemails
  • Read sync settings
  • Read social stream
  • Read SMS messages
  • Read profile data
  • Check the device logs
  • Access the browser's history and bookmarks
  • Read user's contacts data
  • Read external storage
  • Read call logs
  • Redirect a phone call to a different number or stop the call
  • Read calendar data
  • Access near field communication services
  • Mount and unmount file systems for removable storage
  • Format file systems for removable storage
  • Modify audio settings
  • Control media playback
  • Manage documents
  • Manage accounts
  • Use location features in hardware
  • End background processes
  • Install application shortcuts
  • Access information on the top activity on the device
  • Access list of current or recently running tasks
  • Access application package sizes
  • Activate the flashlight
  • Expand the status bar
  • Disable the keyguard
  • Clear the app cache
  • Change Wi-Fi state
  • Change Wi-Fi multicast state
  • Change network state
  • Change configuration data
  • Capture video output
  • Capture secure video output
  • Capture audio output
  • Activate camera
  • Initiate a phone call
  • Broadcast sticky intents
  • Access data from body sensors, such as heart rate information
  • Discover, pair, and connect to Bluetooth devices
  • Access statistics on the battery
  • Authenticate accounts
  • Access location information, such as GPS information
  • Access location information, such as Cell-ID or Wi-Fi
  • Access fake location data
  • Access extra location provider commands

Antivirus Protection Dates

  • Initial Rapid Release version November 5, 2015 revision 005
  • Latest Rapid Release version September 22, 2016 revision 004
  • Initial Daily Certified version November 5, 2015 revision 019
  • Latest Daily Certified version September 22, 2016 revision 025
  • Initial Weekly Certified release date November 11, 2015
Writeup By: Takashi Katsuki
