Home / malwarePDF  

Android.Krysanec


First posted on 08 September 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Krysanec.

Explanation :

Android package file
The Trojan is packaged inside legitimate Android application package files (APK). The name of the APK file is the same as that of the original application.

Permissions
Requested permissions are dependent on the application the Trojan is packaged with.

Installation
Once installed, the home screen will display the icon of the original application.

Functionality
Once executed, the Trojan opens a back door on the compromised device and connects to the following domain through TCP port 1040:
unrecom.webhop.me

The Trojan may gather the following information from the compromised device and send it to a remote location:
MAC addressMemory sizeNumber of days the Trojan has been runningDate the Trojan was installed
The Trojan may also download and execute files on the compromised device.

Last update 08 September 2014

 

TOP