
Android.Smsstealer


First posted on 16 December 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Smsstealer.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.dsifakf.aoakmnq
Version: 1.0
Name: Assassin's creed

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Access information about networks
Read external storage devices
Write to external storage devices
Create new SMS messages
Send SMS messages
Check the phone's current state
Prevent processor from sleeping or screen from dimming
Start once the device has finished booting
Allow access to the list of accounts in the Accounts Service
Open network connections
Read SMS messages on the device
Monitor incoming SMS messages
Monitor, modify, or end outgoing calls

Installation
Once installed, the application will display an icon with an image of a man with a gray hood. The image is taken from a legitimate Assassin's Creed game for Android devices.


Functionality
When the Trojan is executed, it runs a pirated version of the Assassin's Creed game to make the user think that the app is not malicious.


The Trojan then connects to the following remote locations:
[http://]bnk7ihekqxp.net
[http://]googleapiserver.net[REMOVED]

Next, the Trojan gathers the following information in the background:
Phone number
Subscriber ID
SMS messages

The Trojan then sends this information to the attacker's remote location.
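
For triage, the permission set and package name above can be checked against a decoded AndroidManifest.xml. The following is an added example, not code from Symantec; the android.permission.* identifiers are its own mapping of the plain-language permission list, and the sample manifests and the com.example.* package names are constructed.

```python
# Added example, not Symantec's code. The android.permission.* names are this
# example's mapping of the plain-language permission list in the write-up.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
KNOWN_PACKAGE = "com.dsifakf.aoakmnq"  # package name given in the write-up
P = "android.permission."
# Permissions the described behaviour depends on: read SMS and phone
# identifiers, open network connections, start after boot.
CORE = {P + n for n in ("READ_SMS", "RECEIVE_SMS", "READ_PHONE_STATE",
                        "INTERNET", "RECEIVE_BOOT_COMPLETED")}
# The rest of the requested set, counted as supporting evidence only.
EXTRA = {P + n for n in ("ACCESS_NETWORK_STATE", "READ_EXTERNAL_STORAGE",
                         "WRITE_EXTERNAL_STORAGE", "WRITE_SMS", "SEND_SMS",
                         "WAKE_LOCK", "GET_ACCOUNTS", "PROCESS_OUTGOING_CALLS")}

def triage(manifest_xml):
    """Score a decoded (plain-text) AndroidManifest.xml against the write-up."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    missing = sorted(CORE - perms)
    return {
        "package_match": root.get("package") == KNOWN_PACKAGE,
        "core_complete": not missing,
        "missing_core": missing,
        "extra_matched": len(EXTRA & perms),
    }

def make_manifest(package, perms):
    # Builds a constructed sample manifest for the demonstration below.
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="%s">%s</manifest>' % (package, uses))

# Constructed samples: a repackaged game asking for the full set under a
# different (hypothetical) package name, and an ordinary game.
REPACKAGED = make_manifest("com.example.repacked", sorted(CORE | EXTRA))
ORDINARY = make_manifest("com.example.game", [P + "INTERNET", P + "WAKE_LOCK"])

if __name__ == "__main__":
    for label, xml in (("repackaged", REPACKAGED), ("ordinary", ORDINARY)):
        print(label, triage(xml))
```

A complete core set in an app presented as a game is a reason to look closer, not a verdict, since messaging apps legitimately request much of it. The package-name check is exact but is lost as soon as the sample is repackaged, which is why the two signals are reported separately.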

Last update 16 December 2014

 
