
Android.Pletora


First posted on 13 June 2014.
Source: Symantec

Aliases:

There are no other names known for Android.Pletora.

Explanation:

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.adobe.flashplugin
Name: flashplugin

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:

Read user's contacts data.
Get information about the currently or recently running tasks.
Allow access to low-level system logs.
Make the phone vibrate.
Change network connectivity state.
Monitor, modify, or end outgoing calls.
Open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
Prevent processor from sleeping or screen from dimming.
Access information about the WiFi state.
Change Wi-Fi connectivity state.
Access information about networks.
Open network connections.
Start once the device has finished booting.
Check the phone's current state.
Write to external storage devices.
Read or write to the system settings.
Check the phone's current state.
Monitor, modify, or end outgoing calls.
Access the camera device.

Installation
Once installed, the application displays a red icon with an "f" on it and the text "Adobe Flash Player".





Functionality
When the Trojan is executed, it locks the compromised device and asks for a ransom while displaying the following screen:


The Trojan connects to the following remote server:
[http://][REMOVED]/bigaboo/gate[REMOVED]

The Trojan may identify the following installed applications on the compromised device and send the information to the remote server:
com.usaa.mobile.android.usaa
com.citi.citimobile
com.americanexpress.android.acctsvcs.us
com.wf.wellsfargomobile
com.tablet.bofa
com.infonow.bofa
com.tdbank
com.chase.sig.android
com.bbt.androidapp.activity
com.regions.mobbanking

The Trojan may perform the following actions:
Save incoming calls
Collect contacts
Load itself and lock the screen after a reboot
Prevent the user from closing the app
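
For triage, the package name and the permission set described above can be checked against an app's manifest. The following is an added example, not part of the original write-up: it assumes the AndroidManifest.xml has already been decoded to plain XML, the android.permission.* constants are inferred from the permission descriptions, and the rule names, thresholds and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
REPORTED_PACKAGE = "com.adobe.flashplugin"  # package name from the write-up

# Assumption: manifest constants inferred from the permission descriptions above.
LOCKER_COMBO = {P + "SYSTEM_ALERT_WINDOW", P + "RECEIVE_BOOT_COMPLETED",
                P + "GET_TASKS", P + "WAKE_LOCK"}
COLLECTION = {P + "READ_CONTACTS", P + "PROCESS_OUTGOING_CALLS",
              P + "READ_PHONE_STATE", P + "READ_LOGS", P + "CAMERA"}

def triage_manifest(xml_text):
    """Return a list of findings for one decoded AndroidManifest.xml."""
    # Manifests never need a DTD; refuse one rather than expand entities
    # supplied by an untrusted sample.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing manifest with DTD/entity declarations")
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = []
    if root.get("package") == REPORTED_PACKAGE:
        findings.append("package name matches write-up")
    # Overlay window + start at boot + task list + wake lock is the set a
    # screen locker needs to stay on top and come back after a reboot.
    if LOCKER_COMBO <= requested:
        findings.append("overlay + boot start + task list + wake lock")
    collected = COLLECTION & requested
    if len(collected) >= 3:  # hypothetical threshold
        findings.append("broad data access (%d of %d)" % (len(collected), len(COLLECTION)))
    return findings

def manifest(package, perms):
    """Build a minimal constructed manifest for the demo."""
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

# Constructed samples, not taken from a real APK.
SUSPECT = manifest(REPORTED_PACKAGE, [
    "SYSTEM_ALERT_WINDOW", "RECEIVE_BOOT_COMPLETED", "GET_TASKS", "WAKE_LOCK",
    "READ_CONTACTS", "PROCESS_OUTGOING_CALLS", "READ_PHONE_STATE", "INTERNET"])
BENIGN = manifest("org.example.torch", ["CAMERA", "WAKE_LOCK"])

if __name__ == "__main__":
    for name, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage_manifest(doc))
```

A package-name match alone is weak evidence, since the name imitates a legitimate product; the permission findings are what separate the two samples.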

Last update 13 June 2014

 
