Home / malwarePDF  

Android.Lockdroid.E


First posted on 31 October 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Lockdroid.E.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics: Package name: com.android.x5a807058Version: 1.0.0Name: PornDroid
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Display alertsAccess list of current or recently running tasksChange the display order of currently running tasksOpen network connectionsStart once the device has finished bootingCheck the phone's current stateRead user's contacts dataRead user's browsing history and bookmarksRead user's call logRead SMS messages on the deviceAccess the cameraRead or write to the system settingsChange the phone's audio settingsLock or change device lock settings

Installation
Once installed, the application will display an icon with the text "Porn Droid".



Functionality
The malicious app must be installed manually by the user before the Trojan can perform any activities.

When the Trojan is executed, it connects to the following remote location:[http://]37.252.122.213/main[REMOVED]
The Trojan then displays a message saying that the mobile device has been locked.



The Trojan then demands payment, claiming that the device will be unlocked once the money has been received.



The Trojan may connect to the following domains:
[RANDOM PREFIX].dnsbp.cloudns.pro[RANDOM PREFIX].dnsbp.cloudns.pw[RANDOM PREFIX].dyn.nuckchorris.net

Last update 31 October 2014

 

TOP