Home / malware Android.Lockdroid.F
First posted on 23 October 2014.
Source: SymantecAliases :
There are no other names known for Android.Lockdroid.F.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:Package name: com.an.piVersion: 1.0Name: PhotoViewer
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Open network connectionsStart once the device has finished bootingCheck the phone's current stateOpen and display windows on top of all other applicationsSend SMS messagesRead user's contacts data
Installation
Once installed, the application will display a landscape picture of a lake with hills and blue sky with the text "JPG" and "PhotoViewer".
Functionality
The malicious app must be installed manually by the user before the Trojan can perform any activities.
When the Trojan is executed, it connects to the following remote location:[http://]admobtube.com
The Trojan then displays a message saying that the mobile device has been locked.
The Trojan then demands payment, claiming that the device will be unlocked once the money has been received.
In an attempt to spread, the Trojan sends the following SMS message to all contacts stored on the compromised device:
someone made a profile named -Luca Pelliciari- and he uploaded some of your photos! is that you? http://bit.ly/img[REMOVED]Last update 23 October 2014
