Home / malware Android.Uupay
First posted on 18 June 2014.
Source: SymantecAliases :
There are no other names known for Android.Uupay.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:
Package names: com.android.googleservicecom.google.system.kingcom.uucun4470.android.cms
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions: Monitor incoming SMS messagesSend SMS messagesOpen network connectionsRead user's contacts dataWrite Access Point Name (APN) settingsCheck the phone's current stateModify the phone's current stateChange the network's stateStart once the device has finished bootingGather information about running tasksIdentify the space used by any packageInstall packagesDelete packagesRestart packagesAccess information about networksAccess information about the WiFi stateWrite to external storage devicesInstall a shortcut on the launcherRead the phone's settingsCreate new SMS messagesRead SMS messages on the deviceMake the phone vibrate
Functionality
When the Trojan is executed, it connects to the following remote locations: dns.[REMOVED].comhttp://log6.[REMOVED].comhttp://push7.[REMOVED].comhttp://cloud6.[REMOVED].comhttp://g.[REMOVED].cn/gamecms/wap/game/wyinfo/700144311000?channelId=12068000
The Trojan may then perform the following actions: Gather information from the device, such as the IMEI number, device ID, display information and network type.Gathers a list of Access Point Names (APNs) and force the device to use specific APN informationSend SMS messagesRead received SMS messagesEnable or disable the device's network connectivityDownload and install additional appsLast update 18 June 2014
