
Android.Dendoroid


First posted on 05 March 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Dendoroid.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.parental.control.v4
Version: 1.0
Name: Dendroid

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
- Open network connections
- Read SMS messages on the device
- Create new SMS messages
- Access the list of accounts in the Accounts Service
- Read (but not write) the user's browsing history and bookmarks
- Access information about networks
- Read user's contacts data
- Access the precise location from location sources such as GPS, cell towers, and Wi-Fi
- Obtain information about the currently or recently running tasks
- Prevent processor from sleeping or screen from dimming
- Initiate a phone call without using the Phone UI or requiring confirmation from the user
- Send SMS messages
- Read or write to the system settings
- Check the phone's current state
- Write to external storage devices
- Access the camera device
- Record audio
- Monitor, modify, or end outgoing calls
- Monitor incoming SMS messages
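As an added example (not part of the original write-up and not Symantec's code), the following Python check compares a decoded AndroidManifest.xml, for instance one produced by apktool, against the package name and permission set listed above. The mapping from the described permissions to manifest constants, the 0.8 overlap threshold, and the names `build_manifest` and `triage_manifest` are assumptions of this example; the manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
REPORTED_PACKAGE = "com.parental.control.v4"  # package name from the write-up

# Manifest constants for the 19 permissions the write-up describes in words.
# The mapping from description to constant is this example's assumption.
_P = "android.permission."
REPORTED_PERMISSIONS = {_P + n for n in (
    "INTERNET", "READ_SMS", "WRITE_SMS", "GET_ACCOUNTS", "ACCESS_NETWORK_STATE",
    "READ_CONTACTS", "ACCESS_FINE_LOCATION", "GET_TASKS", "WAKE_LOCK",
    "CALL_PHONE", "SEND_SMS", "WRITE_SETTINGS", "READ_PHONE_STATE",
    "WRITE_EXTERNAL_STORAGE", "CAMERA", "RECORD_AUDIO",
    "PROCESS_OUTGOING_CALLS", "RECEIVE_SMS",
)} | {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"}

OVERLAP_THRESHOLD = 0.8  # assumed cut-off for "requests most of the reported set"

def build_manifest(package, permissions):
    """Construct a minimal decoded manifest (sample input, not a real APK)."""
    perms = "".join(f'<uses-permission android:name="{p}"/>' for p in sorted(permissions))
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{perms}<application/></manifest>')

def triage_manifest(manifest_xml):
    """Compare a decoded AndroidManifest.xml with the reported package and permissions."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    matched = requested & REPORTED_PERMISSIONS
    overlap = len(matched) / len(REPORTED_PERMISSIONS)
    package_match = root.get("package") == REPORTED_PACKAGE
    return {
        "package_match": package_match,
        "matched": sorted(matched),
        "overlap": round(overlap, 2),
        # The package name is trivial to change, so permission overlap alone also flags.
        "flag": package_match or overlap >= OVERLAP_THRESHOLD,
    }

# Constructed samples: one mirroring the write-up, one renamed, one ordinary camera app.
SUSPECT = build_manifest(REPORTED_PACKAGE, REPORTED_PERMISSIONS)
RENAMED = build_manifest("com.example.renamed", REPORTED_PERMISSIONS - {_P + "WAKE_LOCK"})
BENIGN = build_manifest("com.example.camera", {_P + "CAMERA", _P + "INTERNET"})

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("renamed", RENAMED), ("benign", BENIGN)):
        result = triage_manifest(xml)
        print(name, result["package_match"], result["overlap"], result["flag"])
```

A flag from this check is a triage signal for manual review, since legitimate device-management apps can request a similar permission set.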

Installation
Once installed, the application displays a green, hexagon-shaped icon showing the Android logo with tree branches on its head.





Functionality
The Trojan is a remote administration tool for Android devices.

The Trojan connects to the following command-and-control server to obtain commands:
[http://]pizzachip.com/r[REMOVED]

The Trojan may perform the following actions:
- Call a phone number
- Record phone calls
- Record audio
- Delete the call log
- Obtain the call log
- Steal contact information
- Block SMS messages
- Delete SMS messages
- Send SMS messages
- Obtain the content of SMS messages in the Inbox and the Sent folder
- Take photos
- Take video
- Open an application
- Obtain a list of installed applications
- Open a URL
- Obtain browser bookmarks
- Obtain the browser history
- Delete specified files
- Upload files to a server
- Upload pictures to a server
- Perform an HTTP Flood on a specified URL
- Change the command-and-control (C&C) server
- Update itself

Last update 05 March 2014

 
