Home / malware Monitoring-Tool:Android/SimChecker.A
First posted on 12 October 2011.
Source: SecurityHomeAliases :
There are no other names known for Monitoring-Tool:Android/SimChecker.A.
Explanation :
Monitoring-Tool:Android/SimChecker.A collects geolocation and other confidential information from a device, and sends out this information via SMS messages and e-mails.
Additional Details
Monitoring-Tool:Android/SimChecker.A is a trojanized SimChecker Pro application that collects geolocation and other confidential information from a device. Upon rebooting the device, this application sends out this stolen information to the author's e-mail address and SMS number that it comes preconfigured with.
Since the trojanized application is already preconfigured by the author, it displays a password prompt to access the configuration UI.
click on image for a larger view
However, even if the user chooses not to access this configuration UI, SimCheck.A would still collect the device's information each time the device reboots.
The following are the information that SimCheck.A sends out to the author's SMS number and e-mail address:
Via SMS messages
- location retrieved through the device's WiFi network, the accuracy, and the street address
- location retrieved through the device's GPS, the accuracy, and the street address
- location retrieved through WPS, the accuracy, and the street address
Via e-mails
- same location information sent out via SMS messages, plus the altitude, bearing and speed on the GPS location
- SIM information
- IMSI, if SIM requires PIN to unlock
- SIM serial number, if SIM does not use PIN
- Operator code and service provider name
- Call logs (incoming, outgoing and missed)
To send out the e-mails, SimCheck.A uses the server side script located at https://[...]trackdroid.org[...]/sendmail.php.Last update 12 October 2011
