Home / malware Android.Funtasy
First posted on 26 September 2014.
Source: SymantecAliases :
There are no other names known for Android.Funtasy.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: com.lasmejoresapps.tvremotecontrol
Version: 1.0
Name: TV Remote Control
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Read user's contacts dataRead the user's personal profile dataAllows access to the list of accounts in the Accounts ServiceOpen network connectionsCheck the phone's current state Write to external storage devices Monitor incoming SMS messages Read SMS messages on the device Create new SMS messagesChange the phone state, such as powering it on and off
Installation
Once installed, the application will display a white icon with a dark grey outline of a remote control being pointed at a television.
Functionality
When the Trojan is executed, it displays a disclaimer explaining the premium services and their costs.
The Trojan does not allow the user to opt out and sends an HTTP request in the background to the server hosting the premium SMS services.
The Trojan intercepts a confirmation SMS sent from the premium SMS provider and extracts the confirmation code.
The Trojan resubmits the confirmation code to complete the premium services enrollment procedure.
The Trojan mutes the compromised device's notification stream and modifies the time stamp of the confirmation SMS to hide its activities.Last update 26 September 2014
