Home / malware Android.Fakebok
First posted on 21 February 2014.
Source: SymantecAliases :
There are no other names known for Android.Fakebok.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: com.facebook
APK: facebookx.apk
Version: 1.0
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Open network connectionsSend SMS messagesCheck the phone's current stateAccess information about networksWrite to external storage device
Installation
Once installed, the application will display a blue icon with a white letter "f", mimicking the appearance of the legitimate Facebook icon.
Functionality
When the Trojan is executed, it displays a message telling the user to update the app.
When the user selects the update button, the Trojan sends the following SMS messages to 8738:
SMS 1: KPAH 1 [FIVE DIGIT NUMBER] facebookSMS 2: KPAH 2 [FIVE DIGIT NUMBER] facebookSMS 3: MGO 2 [FIVE DIGIT NUMBER] facebook
The Trojan may then connect to the following remote location in order to update the body of the SMS messages or the premium phone number:
[http://]service.10h.vn:8080/mbv-game[REMOVED]Last update 21 February 2014
