
Android.Geplook


First posted on 20 December 2014.
Source: Symantec

Aliases:

There are no other names known for Android.Geplook.

Explanation:

Android package file
The Trojan may arrive as a package with either of the following characteristics:

Package name: com.centerincludeblade.eletricscreen
App name: Temp
Version number: 3.0

Package name: com.horizoncolddifferent.eletricscreen
App name: Ferrari Luxury Cars
Version number: 3.3

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:

Open network connections
Access information about networks
Access information about the Wi-Fi state
Check the phone's current state
Access list of accounts
Manage list of accounts
Authenticate accounts

Installation
Once installed, the application may display one of two icons.

The application may display a blue and red icon with an image of a finger on a biometric fingerprint reader beside a padlock.


The application may display an icon with an image of a red Ferrari sports car.


Functionality
When the Trojan is executed, it displays content such as games and wallpapers.


The Trojan may then connect to the following remote locations:

[http://]shuabang.appad.mobi[REMOVED]
[http://]play.google.com

The Trojan may then perform the following actions:

Create or associate the remote attacker's email accounts with the compromised device
Download apps
Use the device to give apps on the Google Play store better ratings
Send device information to a remote location, such as where the device's operator is based

Last update 20 December 2014

 
