
Android.Rubobi


First posted on 20 May 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Rubobi.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.android.system
APK: FLV_android.apk
Version: 2.1
Name: System

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:

Open network connections
Create new SMS messages
Read SMS messages on the device
Send SMS messages
Monitor incoming SMS messages
Write to external storage devices
Prevent processor from sleeping or screen from dimming
Check the phone's current state
Read external storage devices
Read user's contacts data
Start once the device has finished booting
Broadcast notification that an application package has been removed

Installation
Once installed, the application will display a green Android robot with the text "System".


Functionality
The Trojan sends and intercepts SMS messages as part of a botnet.

The Trojan is executed whenever the device starts or makes or receives a phone call.

The Trojan prevents the display of incoming SMS messages from phone numbers containing the following strings:
088011000100
The Trojan then sends messages received from these phone numbers to the following remote location:
erawap.org

The Trojan steals the following information:
Device IMEI
Phone number
SIM country code
SIM operator name

The Trojan may also send SMS messages through a compromised device.

The Trojan may also download updates from the following remote location:
erawap.org/update.apk
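
The indicators above, applied as a static triage check over a decoded AndroidManifest.xml and a list of strings extracted from the APK. This is an added example, not code from the Symantec write-up; the mapping from the permission descriptions to `android.permission.*` constants, the broadcast actions, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
PACKAGE, HOST = "com.android.system", "erawap.org"  # both from the write-up
# Assumed mapping of the write-up's permission descriptions to Android constants.
REPORTED = {"android.permission." + p for p in (
    "INTERNET", "WRITE_SMS", "READ_SMS", "SEND_SMS", "RECEIVE_SMS",
    "WRITE_EXTERNAL_STORAGE", "WAKE_LOCK", "READ_PHONE_STATE",
    "READ_EXTERNAL_STORAGE", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED",
    "BROADCAST_PACKAGE_REMOVED")}
# Minimum needed to receive SMS and send it off the device; weak signal alone.
SMS_FORWARD = {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"}
# Assumed broadcast actions behind the boot, phone-call and SMS behaviour above.
TRIGGERS = {"android.intent.action.BOOT_COMPLETED",
            "android.intent.action.PHONE_STATE",
            "android.intent.action.NEW_OUTGOING_CALL",
            "android.provider.Telephony.SMS_RECEIVED"}

def triage(manifest_xml, apk_strings=()):
    """Return findings for one decoded AndroidManifest.xml plus extracted strings."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    actions = {a.get(NS + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    findings = []
    if root.get("package") == PACKAGE:
        findings.append("package name " + PACKAGE)
    if REPORTED <= requested:
        findings.append("all reported permissions requested")
    elif SMS_FORWARD <= requested:
        findings.append("can receive SMS and reach the network")
    hits = sorted(TRIGGERS & actions)
    if hits:
        findings.append("receiver triggers: " + ", ".join(hits))
    if any(HOST in s.lower() for s in apk_strings):
        findings.append("references " + HOST)
    return findings

# Constructed sample manifest, not taken from a real APK.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.android.system">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><receiver android:name=".R"><intent-filter>
    <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver></application></manifest>"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE, ["http://erawap.org/update.apk"])))
```

An empty result means none of the write-up's indicators matched; the permission-only finding is common among legitimate messaging apps and should be weighed together with the package name and host matches.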

Last update 20 May 2014

 
