Home / malware

PDF

Android.Sockrat

First posted on 06 November 2015.
Source: Symantec

Aliases :

There are no other names known for Android.Sockrat.

Explanation :

The Trojan is the Android version of Backdoor.Sockrat.

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions: Open network connectionsAccess information about networksPrevent processor from sleeping or screen from dimmingAccess information about the Wi-Fi stateCheck the phone's current stateCreate new voicemailAdd entry to user's dictionaryEdit sync settingsAdd content to user's social streamCreate new SMS messagesRead or write to the system settingsEdit user's profileRead or write to the browser's history and bookmarksRead or write to the call logCreate new calendar dataMake the phone vibrateUse SIP serviceUser login credentialsUninstall application shortcutsUse device's IR transmitterDisplay alertsRead or write to subscribed feedsRequest that a signal be sent to all persistent processesSet the wallpaperSet the wallpaper hintsSet the time zoneSet the maximum number of application processes that can be runningConfigure an application for debugging.Modify the global animation scaling factorControl whether activities are immediately stopped when placed in the backgroundSet an alarmSend SMS messageAllow other applications to handle the respond-via-message action during incoming callsRestart application packagesChange the order of running tasksRecord audio from the microphoneReceive WAP push messagesReceive SMS messagesReceive MMS messagesAccess user's dictionaryStart once the device has finished bootingAccess voicemailsRead sync settingsRead social streamRead SMS messagesRead profile dataCheck the phone's current stateCheck the device logsAccess the browser's history and bookmarksRead user's contacts dataRead external storage.Read call logsRedirect a phone call to a different number or stop the call Read calendar dataAccess near field communication servicesMount and unmount file systems for removable storageFormat file systems for removable storageModify audio settingsControl media playbackManage documentsManage accountsUse location features in hardware,End background processesInstall application shortcutsAccess information on the top activity on the deviceAccess list of current or recently running tasksAccess application package sizesActivate the flashlightExpand the status barAllows applications to disable the keyguardClear the app cacheChange Wi-Fi stateChange Wi-Fi multicast stateChange network stateChange configuration dataCapture video outputCapture secure video outputCapture audio outputActivate cameraInitiate a phone callBroadcast sticky intentsAccess data from body sensors, such as heart rate informationDiscover, pair, and connect to Bluetooth devicesAccess statistics on the batteryAuthenticate accountsAccess information about networksAccess location information, such as GPS informationAccess location information, such as Cell-ID or Wi-FiAccess fake location dataAccess extra location provider commands
Functionality
When the Trojan is executed, it may gather the following information: Wi-Fi passwordPasswords saved in the Chrome browserGeolocation dataWi-Fi access point dataList of installed appsContact detailsWeb browser history
The threat may also perform the following actions: Record audio from the microphoneCapture screenshotsCapture photos using the cameraMake a phone callSend, delete, and list SMS messagesTraverse file systemMake the phone vibrateChange the home screen's wallpaperCreate fake SMS and call history

Last update 06 November 2015

 

TOP