Home / malware Android.Stealthgenie
First posted on 15 November 2014.
Source: SymantecAliases :
There are no other names known for Android.Stealthgenie.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: com.device.system
Version: 1.0
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Start once the device has finished bootingMonitor, read, create, and send SMS messagesAccess location information, such as GPS informationDisable the keyguardRead and create contact dataCheck the phone's current stateInitiate a phone call without using the Phone UI or requiring confirmation from the userMonitor, modify, or end outgoing callsOpen network connectionsAccess information about networksAccess information about the Wi-Fi stateRead user's browsing history and bookmarksRead the user's calendar dataRead the user's Gmail dataWrite to external storage devicesUse the device's mic to record audioCollect battery statistics Make the phone vibratePrevent processor from sleeping or screen from dimmingAccess the list of accounts in the Accounts ServiceAllow access to low-level power management
Installation
Once installed, the application will not display an icon.
Functionality
Once installed, the Trojan may gathers the following information from the compromised device:
CallsContact information including name, surname, phone number, and contact photoEmailsGeolocationInformation about music stored on the device including artists, titles, and albumsInformation about videos stored on the device including title, type, file name, and resolutionList of installed applicationsSMS messagesTimezoneUser preferences such as browser historyWhatsApp conversations
The Trojan may then send the stolen information to one or more of the following remote locations:
[http://]asset.stealthgenie.com:8090/stealthgenie/uploa[REMOVED][http://]sync.stealthgenie.com:8090/stealt[REMOVED][http://]sync.stealthgenie.com:8090/stealthgenie/activat[REMOVED][http://]alert.stealthgenie.com:8090/stealthgenie/alert[REMOVED]Last update 15 November 2014