Home / malware Android.Smslink
First posted on 27 November 2014.
Source: SymantecAliases :
There are no other names known for Android.Smslink.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: com.android.mms20
Version: 1.0
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Create new SMS messages. Read SMS messages on the device. Send SMS messages. Create new contact data. Read user's contacts data. Open network connections. Access information about networks. Check the phone's current state. Allow access to low-level system logs. Write to external storage devices. Prevent processor from sleeping or screen from dimming. Access location information, such as Cell-ID or Wi-Fi. Access location information, such as GPS information. Access list of current or recently running tasks. Access information about the Wi-Fi state. Change the Wi-Fi state. Detect the user's current physical activity, such as walking, driving, or standing still.Make the phone vibrate. Use the device's mic to record audio. Read the user's calendar data.Write (but not read) the user's calendar data.Access the list of accounts in the Accounts Service.Start once the device has finished booting. Display alerts. Install a shortcut in Launcher.Uninstall a shortcut in Launcher.
Installation
Once installed, the application will display an icon with four sections of different colors. The top left is green with a white speech bubble with green quotation marks. The top right is red with a white 'play' symbol. The bottom left is yellow with a black circle in the center, and the whole section looks like a camera. The bottom right is blue with a white 'winky face emoticon'.
Functionality
The Trojan arrives on the compromised device after being manually downloaded.
The Trojan may perform the following actions:
Send SMS messages with links to malicious appsDisplay adsLast update 27 November 2014
