The number of infected phones by this malware increases rapidly. Hence, the cybercriminal responsible is able to generate a large amount of revenue given that the current infection rates are sustained.
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.
This Trojan may perform certain routines when installed on the affected device.
It collects certain device information and sends it to a remote server.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It connects to a website to send and receive information.
File size: 314,445 bytes
File type: APK
Initial samples received date: 07 Feb 2012
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Backdoor Routine
This Trojan connects to the following websites to send and receive information:
NOTES:
This Trojan may perform the following routines when installed on the affected device:
- Access pay-per-view video
- Boot the device
- Call premium-rate numbers
- Check phone current state
- Download APK and other files
- Get information on running tasks
- Get local information
- Install application
- Prevents screen from turning off or dimming
- Read/Write the SYNC settings
- Search/pair/connect to bluetooth devices
- Send SMS to premium service numbers
- Shutdown the device
- Start its own application
- Steal information from the device
- Vibrates the device
- Write/Modify APN settings
It collects the following device information and sends it to a remote server:
- CID
- IMEI
- IMSI
- Install Type
- LAC
- MNC
- Package ID
- Package Level
- Package Name
- Phone Model Number
- Phone Version
- Release version
- SMS Center
Connect with us on
| | | |