Monitoring-Tool:Android/SpyBubble.A
First posted on 12 July 2011.
Source: SecurityHome
Aliases:
There are no other names known for Monitoring-Tool:Android/SpyBubble.A.
Explanation:
Monitoring-Tool:Android/SpyBubble.A is a commercially available tracking tool.
Additional Details
Monitoring-Tool:Android/SpyBubble.A monitors incoming and outgoing phone calls and SMS messages, as well as the contact information of other parties.
It can also monitor added photos, visited URLs, and the GPS location of the phone. All this information may be uploaded to a remote server.
Installation
Upon installation, the application waits for the next reboot of the device to activate all of its components.
On reboot, it prompts the user with the terms and conditions and requests the license key for the product before it actually starts all the monitoring components.
If the installation is successful, the program does not display an icon in the phone's application menu. Users may detect its presence by checking the "Manage applications" menu under Settings for the application name "radio".
Activity
Once active, the monitoring components will silently run in the background as services.
The program uses the following permissions to perform these activities:
The application gathers a lot of information from the phone, as well as about the user's activities:
- Call and SMS tracking:
  - IMEI for GSM and the MEID or ESN for CDMA phones
  - IMSI for a GSM phone
  - MSISDN for a GSM phone or the telephone number of the SIM card
  - Telephone number of the other party
  - Name/Number/Email of the other party if it exists in the phonebook
  - Duration of the call
  - Type of call (incoming, outgoing, or missed)
  - Sent and received messages
- Browsing tracking:
  - URLs of the visited websites
- Location tracking:
  - GPS location of the phone (the method used may incur charges)
- Pictures:
  - Photos taken and the date they were added
All the gathered information may be sent at intervals to a remote server (http://[...].spybubble.com/[...]) using an HTTP POST operation without the user's knowledge.
The information may also be accessed by the party that installed the app on the phone (if it was not installed by the primary user).
Last update 12 July 2011
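As an added example (not part of the original entry or of any vendor tooling), the traits described in this entry (no launcher icon, activation on reboot, background services, broad data access combined with upload) can be turned into a triage heuristic over an app inventory. The inventory fields, the sample apps, the threshold, and the mapping of Android permissions to the entry's data categories are assumptions.

```python
# Added triage example; inventory fields and sample apps are constructed assumptions.
# Permission names are real Android permissions; grouping them by the entry's data
# categories is an assumption (the entry's own permission list is not reproduced).
P = "android.permission."
CATEGORIES = {
    "calls/identifiers": {P + "READ_PHONE_STATE", P + "PROCESS_OUTGOING_CALLS"},
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "contacts": {P + "READ_CONTACTS"},
    "location": {P + "ACCESS_FINE_LOCATION"},
    "browsing": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
}
BOOT, NET = P + "RECEIVE_BOOT_COMPLETED", P + "INTERNET"

def triage(app):
    """Return the list of traits from this entry that an app exhibits."""
    perms = set(app["permissions"])
    covered = sorted(c for c, names in CATEGORIES.items() if perms & names)
    reasons = []
    if not app["has_launcher_activity"]:
        reasons.append("no launcher icon")
    if BOOT in perms:
        reasons.append("starts on boot")
    if app["services"]:
        reasons.append("background services")
    # Upload capability only matters when paired with broad data access.
    if NET in perms and len(covered) >= 3:
        reasons.append("network + " + ", ".join(covered))
    return reasons

def suspicious(inventory, threshold=4):
    """Apps showing at least `threshold` traits, keyed by display label."""
    hits = {}
    for app in inventory:
        reasons = triage(app)
        if len(reasons) >= threshold:
            hits[app["label"]] = reasons
    return hits

SAMPLE = [  # constructed inventory
    {"label": "radio", "has_launcher_activity": False, "services": ["SvcA"],
     "permissions": [BOOT, NET, P + "READ_PHONE_STATE", P + "READ_SMS",
                     P + "READ_CONTACTS", P + "ACCESS_FINE_LOCATION"]},
    {"label": "Maps", "has_launcher_activity": True, "services": [],
     "permissions": [NET, P + "ACCESS_FINE_LOCATION"]},
    {"label": "Keyboard", "has_launcher_activity": False, "services": ["ImeSvc"],
     "permissions": []},
]

if __name__ == "__main__":
    for label, reasons in suspicious(SAMPLE).items():
        print(label, "->", "; ".join(reasons))
```

Legitimate components such as input methods also lack a launcher icon, which is why a single trait is not enough to flag an app here.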