Infection Channel: Downloaded from the Internet, Via app stores
This Android backdoor can be controlled via SMS or phone calls.
To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below.
This application is installed only on the applications list and is not displayed as an icon on the main menu.
It waits for specially-crafted SMS messages to perform its intended routines.
This spyware may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.
File size: 221,564 bytes
File type: DEX
Memory resident: Yes
Initial samples received date: 12 Apr 2012
Payload: Steals information
Arrival Details
This spyware may be unknowingly downloaded by a user while visiting malicious websites.
It may be manually installed by a user.
NOTES:
Upon installation, this application is only be visible in the installed applications list and not displayed as an icon on the main menu compared to normal applications:
Below are some of the permissions it requires:
It waits for specially-crafted SMS messages to be able to perform any of the following routines:
- Change network settings
- Capture screenshots and upload the image
- Determine the current GPS location
- Kill processes except:
- Process name is any of the following:
- com.android.phone
- com.google.android.lifestyle (the malware process)
- system
- Process name starts with any of the following:
- com.htc.
- com.google.
- android.
- com.android.
- Reboot affected device
- Record calls and upload the audio
- Retrieve contacts list
Connect with us on
| | | |