Android package file
The Trojan may arrive as a package with the following characteristics:
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access information about networks
- Open network connections
- Write to external storage devices
- Read from external storage devices
Once installed, the application will display an icon of a green storage file with a checkmark against a green background.
The Trojan poses as a legitimate application.
When the Trojan is executed, it opens a backdoor on the compromised Android device and constantly tries to access the URLs specified by its command-and-control (C&C) server.
It communicates with the following C&C servers:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":