Home / malware Android.Phimdropper
First posted on 21 February 2014.
Source: SymantecAliases :
There are no other names known for Android.Phimdropper.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: com.vn.thegioididong.phim18
APK: com.vn.thegioididong.phim18_1.0.1.apk
Version: 1.0.1
Name: Phim 18
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Start once the device has finished booting. Open network connections. Access information about networks. Check the phone's current state. Write to external storage devices. Prevent processor from sleeping or screen from dimming.
Installation
Once installed, the application will display an icon with an image of a black haired girl with pink lingerie.
Functionality
The Trojan poses as an app that contains adult content.
The Trojan then attempts to trick the user into downloading another malicious APK from the following URL: [http://]vaiae.com:8889
The downloaded APK may then perform the following actions: Send SMS messagesUpdate the app by downloading a new APKIntercept incoming SMS messages according to a black list of phone numbersTry to run itself in device administrator mode to make it more difficult to uninstallLast update 21 February 2014
