
Android.Fitikser


First posted on 02 October 2014.
Source: Symantec

Aliases:

There are no other names known for Android.Fitikser.

Explanation:

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.v1
Version: 3.2.1
Name: Code4hk

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Access information about currently or recently running tasks
Access information about networks
Access information about the Wi-Fi state
Access location information, such as GPS, Cell-ID, or Wi-Fi information
Change network connectivity state
Check the phone's current state
Create mock location providers for testing
Make the phone vibrate
Modify global audio settings
Monitor incoming SMS messages
Monitor, modify, or end outgoing calls
Mount and unmount file systems for removable storage
Open network connections
Read and write phone's contacts data
Read or write to the system settings
Read SMS messages on the device
Read the call log
Read the browsing history and bookmarks
Start once the device has finished booting
Use the device's mic to record audio
Write to external storage devices

Installation
Once installed, the application will display an icon with a white paper airplane and a lighthouse on a blue background with the text Code4HK.




Functionality
Once executed, the Trojan drops a hidden apk file to the following location:
/sdcard/.qq/temp.apk
The Trojan then displays a fake update notification on the compromised device.



The Trojan may then perform the following actions on the compromised device:
Record outgoing calls
Record SMS conversations
Steal email account details
The Trojan stores the stolen information in the following location:
/data/data/com.v1/.record
The Trojan sends the stolen information to the following remote location:
[REMOVED].[REMOVED].11.75
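
The package name and file locations above can be checked against text dumps taken from a device under examination. The following is an added example, not part of the original write-up: the function names, the /sdcard alias list and the sample dumps are assumptions constructed for illustration.

```python
import posixpath

# Indicators taken from the write-up above.
PACKAGE = "com.v1"
DROPPED_APK = "/sdcard/.qq/temp.apk"
RECORD_DIR = "/data/data/com.v1/.record"
# Assumption: common mount aliases for /sdcard on newer Android builds.
SDCARD_ALIASES = ("/storage/emulated/0", "/mnt/sdcard")

def installed_packages(pm_output):
    """Parse `pm list packages -f` lines: package:<apk path>=<name>."""
    names = set()
    for line in map(str.strip, pm_output.splitlines()):
        if line.startswith("package:") and "=" in line:
            # The APK path may itself contain '=', so split on the last one.
            names.add(line.rsplit("=", 1)[1])
    return names

def normalize(path):
    """Collapse ./.. segments and map /sdcard aliases back to /sdcard."""
    path = posixpath.normpath(path)
    for alias in SDCARD_ALIASES:
        if path == alias or path.startswith(alias + "/"):
            return "/sdcard" + path[len(alias):]
    return path

def triage(pm_output, file_listing):
    """Return the indicators found in a package dump and a path listing."""
    hits = []
    if PACKAGE in installed_packages(pm_output):  # exact name, not prefix
        hits.append("package:" + PACKAGE)
    for raw in filter(None, map(str.strip, file_listing.splitlines())):
        path = normalize(raw)
        if path == DROPPED_APK:
            hits.append("dropped-apk:" + raw)
        elif path == RECORD_DIR or path.startswith(RECORD_DIR + "/"):
            hits.append("record-store:" + raw)
    return hits

# Constructed sample dumps (not real device output).
SAMPLE_PM = """package:/data/app/com.v1-1.apk=com.v1
package:/data/app/~~Qk9=/com.v1x.notes-aa==/base.apk=com.v1x.notes
"""
SAMPLE_FILES = """/storage/emulated/0/.qq/temp.apk
/sdcard/DCIM/temp.apk
/data/data/com.v1/.record/0001.dat
/data/data/com.v1x.notes/.record/a
"""
print(triage(SAMPLE_PM, SAMPLE_FILES))
```

The package dump can be captured with `adb shell pm list packages -f`; listing /data/data requires root access or a forensic image of the device.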

Last update 02 October 2014

 
