
Android.Cajino


First posted on 03 April 2015.
Source: Symantec

Aliases:

There are no other names known for Android.Cajino.

Explanation:

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: ca.ji.no.method2
Version: 2.0

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Open network connections
Check the phone's current state
Access information about networks
Start once the device has finished booting
Read or write to the system settings
Make the phone vibrate
Write to external storage devices
Access the download manager
Download files through the download manager without any notification being shown to the user
Open windows that are shown on top of all other applications
Disable the keyguard
Access location information, such as Cell-ID or Wi-Fi
Access information about the Wi-Fi state
Access location information, such as GPS information
Monitor, read, create, and send SMS messages on the device
Read user's contacts data
Create new contact data
Read user's call log
Write to the user's call log
Initiate a phone call without using the Phone UI or requiring confirmation from the user
Use the device's mic to record audio

Installation
Once installed, the application will display an icon with an image of a spiral and the text WINESKIN WINERY.



The malware displays a fraudulent message about a software update.



Functionality
The Trojan opens a back door on the compromised device, allowing an attacker to perform the following actions:
Upload photos
Upload contacts
Upload call history
Upload SMS messages
Send SMS messages
Send a list of files found on the device
Upload and download files
Delete files
Make phone calls
Send geolocation
Record audio
The Trojan uses Baidu Cloud Push to receive commands from the attacker.
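
A triage check built from the package name and permission list above, as an added example that is not Symantec's code: it parses a decoded (plain XML) AndroidManifest.xml and flags a match on the package name or on overlap with high-risk permissions. The Android permission constants, the threshold of 8, and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PACKAGE_NAME = "ca.ji.no.method2"  # package name given in the write-up

# Assumption: Android permission constants matching a subset of the
# capabilities described in the write-up (the page lists descriptions only).
HIGH_RISK = {
    "RECORD_AUDIO", "CALL_PHONE", "SEND_SMS", "READ_SMS", "READ_CONTACTS",
    "READ_CALL_LOG", "ACCESS_FINE_LOCATION", "SYSTEM_ALERT_WINDOW",
    "DISABLE_KEYGUARD", "RECEIVE_BOOT_COMPLETED", "DOWNLOAD_WITHOUT_NOTIFICATION",
}

def triage_manifest(xml_text, threshold=8):
    """Flag a decoded manifest by package name or by permission overlap."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    requested = {
        el.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
        for el in root.iter("uses-permission")
    }
    overlap = sorted(requested & HIGH_RISK)
    return {
        "package": package,
        "package_match": package == PACKAGE_NAME,
        "overlap": overlap,
        # A renamed package is still flagged when enough permissions overlap.
        "suspicious": package == PACKAGE_NAME or len(overlap) >= threshold,
    }

def build_manifest(package, perms):
    """Construct a minimal sample manifest (test data, not a real sample)."""
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms
    )
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="{package}">{uses}</manifest>'
    )

SAMPLE_MATCH = build_manifest(PACKAGE_NAME, sorted(HIGH_RISK))
SAMPLE_RENAMED = build_manifest("com.example.updater", sorted(HIGH_RISK))
SAMPLE_BENIGN = build_manifest("com.example.notes", ["INTERNET", "VIBRATE"])

if __name__ == "__main__":
    for name, xml in [("match", SAMPLE_MATCH), ("renamed", SAMPLE_RENAMED),
                      ("benign", SAMPLE_BENIGN)]:
        print(name, triage_manifest(xml))
```

The permission overlap is a triage signal rather than proof of infection; legitimate communication apps can request many of the same permissions.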

Last update 03 April 2015

 
