Android.Bossefiv
First posted on 16 June 2015.
Source: Symantec
Aliases:
There are no other names known for Android.Bossefiv.
Explanation:
The Trojan may arrive as part of a Trojanized application.
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: ru.sberbankmobil
Name: Sberbank
Package name: com.rayy.android.editad
Name: SMS Editor
Package name: com.mlhg.screenfilterpro
Name: Darker Pro
Package name: com.asksven.betterbatterystats_xdaedition
Name: BetterBattery Stats
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Connect to paired Bluetooth devices.
Check the phone's current state.
Read from external storage.
Write to external storage devices.
Send SMS messages.
Monitor incoming SMS messages.
Start once the device has finished booting.
Installation
Once installed, the application will display any of the following icons:
An icon with Russian text that translates to Sberbank. The image is of a green half circle where the top half is made up of check marks on a white background.
An icon with the text of SMS Editor. The image is of a white quill on a blue background.
An icon with the text of Darker Pro. The image is of a blue cog on a black background.
An icon with the text of BetterBattery Stats. The image is of a white battery on a green background with a yellow circle in the bottom right corner with a white plus sign.
Functionality
The Trojan may steal the following information from the compromised device:
IMEI number
Network operator information
Bluetooth adapter address
Trojanized application package name
Contact information
Incoming SMS messages
Outgoing SMS messages
The Trojan may send the stolen information to the following location:
[http://]update-server.ddns.net/updat[REMOVED]
The Trojan may download updated configuration data, including new locations to report to from the following location:
[http://]update-server.ddns.net/updat[REMOVED]
Last update 16 June 2015