Home / malware Android.Windseeker
First posted on 16 October 2014.
Source: SymantecAliases :
There are no other names known for Android.Windseeker.
Explanation :
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: com.example.windseeker
Version: 2.1
Name: Wind Seeker
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Open network connectionsWrite to external storage devicesGet information about currently or recently running tasksRead or write to the system settingsStart once the device has finished bootingCheck the phone's current stateSend SMS messagesAccess information about networks
Installation
Once installed, the application will display an icon with a green Android icon with a box on its chest.
Functionality
When the Trojan is executed, it requests a root permission and creates the following service to run in the background:
com.example.chathook.ProcessMonitor
When the Trojan obtains root permissions, it creates the following files to monitor activities in the QQ and Wechat messengers:
*competing_su*libcall.so*inject_appso*conn.jar
The Trojan steals the following information:
Contact informationChat history of messengers
The Trojan sends the stolen information to the following remote server:
[http://]tingfengzhe.sinaapp.com/recor[REMOVED]Last update 16 October 2014