Home / malwarePDF  

Android.Fakescarav


First posted on 01 February 2015.
Source: Symantec

Aliases :

There are no other names known for Android.Fakescarav.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.androidsantivirus
Version: 1.2.7
Name: Antivirus Android's Security

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Discover and pair Bluetooth devicesConnect to paired Bluetooth devicesPrevent processor from sleeping or screen from dimmingRead or write to the system settingsOpen network connectionsChange network connectivity stateAccess information about the Wi-Fi stateAccess information about networksAccess location information, such as GPS informationAccess location information, such as Cell-ID or Wi-FiCheck the phone's current stateRead user's call logWrite to user's call logRead SMS messages on the deviceWrite to external storage devicesCreate new SMS messagesClear caches of all installed appsFind out the space used by any packageAccess list of accounts in the Accounts ServiceRead user's contacts dataCreate new contact dataEnd background processesRead user's browsing history and bookmarksWrite to user's browsing history and bookmarksRead servicesAccess information about the Wi-Fi stateChange Wi-fi stateMake the device vibrateStart once the device has finished booting
Installation
Once installed, the application will display an icon with a picture of the Android logo with a yellow and black shield:



Functionality
The malware poses as an antivirus app for Android devices.

When the Trojan is executed, it claims that the device is infected with malware, regardless of whether or not this is true. It then asks the user to pay for the full version of the app in order to remove the fake malware infections from the device.

Last update 01 February 2015

 

TOP