
Android.Selfmite.B


First posted on 11 October 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Selfmite.B.

Explanation :

Android package file
The worm may arrive as a package with the following characteristics:
- Package name: com.google.gsn.plus
- Version name: 1.0
- Name: Google Plus

Permissions
When the worm is being installed, it requests permissions to perform the following actions:
- Open network connections
- Access information about networks
- Read user's contacts data
- Change the phone state, such as powering it on and off
- Install a shortcut
- Send SMS messages
- Start once the device has finished booting
- Implement device administrative features
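
A triage check for the package characteristics and permissions listed above, as an added example that is not part of the original write-up: it parses `aapt dump badging` output for an APK and reports which indicators match. The sample output, its versionCode, and the mapping of the plain-language permissions to Android permission constants are assumptions.

```python
import re

# Indicators taken from the write-up above.
WORM_PACKAGE = "com.google.gsn.plus"
WORM_LABEL = "Google Plus"
# Assumption: Android constants for "Send SMS messages" and
# "Read user's contacts data", the pair the SMS spreading needs.
SPREAD_PERMS = {"android.permission.SEND_SMS",
                "android.permission.READ_CONTACTS"}

# Constructed sample of `aapt dump badging` output (versionCode is made up).
SAMPLE = """\
package: name='com.google.gsn.plus' versionCode='1' versionName='1.0'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
application-label:'Google Plus'
"""

def parse_badging(text):
    """Extract package, version, label and permissions from badging output.
    Accepts both uses-permission:'X' and uses-permission: name='X'."""
    pkg = re.search(r"^package: name='([^']*)'.*?versionName='([^']*)'", text, re.M)
    label = re.search(r"^application-label:'([^']*)'", text, re.M)
    perms = set(re.findall(r"^uses-permission:(?: name=)?'([^']*)'", text, re.M))
    return {"package": pkg.group(1) if pkg else None,
            "version": pkg.group(2) if pkg else None,
            "label": label.group(1) if label else None,
            "permissions": perms}

def triage(text):
    """Return the list of indicators from the write-up that this APK matches."""
    info = parse_badging(text)
    findings = []
    if info["package"] == WORM_PACKAGE:
        findings.append("package name matches Android.Selfmite.B")
    if info["label"] == WORM_LABEL:
        findings.append("application label is 'Google Plus'")
    if SPREAD_PERMS <= info["permissions"]:
        findings.append("requests both SEND_SMS and READ_CONTACTS")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("MATCH:", finding)
```

The package name is the strongest indicator here; the label and the permission pair on their own also occur in legitimate apps and should be treated as supporting evidence only.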
Installation
Once installed, the application will display a black icon with the Google+ logo.

Functionality
When the worm is executed, it asks the user to give it administrative access to the device.

Next, the worm downloads a configuration file from the following remote location: [http://]209.190.28.50/setti[REMOVED]
The worm then sends SMS messages to all contacts stored in the device's phone book. The SMS messages include a link to the worm and contain the following contents:
- Hey, try it, its very fine. [URL TO SITE HOSTING THE WORM]
- Hi buddy, try this, its amazing u know. [URL TO SITE HOSTING THE WORM]
The worm also displays ads on the compromised device.

Last update 11 October 2014

 
