
Android.Acecard


First posted on 09 December 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Acecard.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.slempo.service
Version: 1.0
Name: System Update

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Open network connections
Access information about networks
Start once the device has finished booting
Change the phone state, such as powering it on and off
Access list of current or recently running tasks
Monitor incoming SMS messages
Read and send SMS messages
Initiate a phone call without using the Phone UI or requiring confirmation from the user
Access location information, such as Cell-ID, Wi-Fi, and GPS information
Prevent processor from sleeping or screen from dimming

Installation
Once installed, the application will display an icon with a white letter F on a red background.




Functionality
The Trojan masquerades as a system update package.

Once executed, the Trojan asks the user to authorize device administrator permissions in order to allow it to run every time the device restarts.

The Trojan then monitors for the execution of the following applications:
com.whatsapp
com.viber.voip
com.instagram.android
com.skype.raider
com.vkontakte.android
ru.ok.android
com.facebook.katana
com.google.android.gm
com.twitter.android
If any of the listed applications are launched, the Trojan displays a fake login dialogue box.



If the user enters their login credentials, the Trojan sends the stolen information to the following remote location:
[http://]voooxrrw2wxnoyew.onion
The Trojan may then perform malicious activities on the compromised device.
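
A static triage check built from the indicators above, as an added example that is not part of the original write-up: it parses a decoded (text XML) AndroidManifest.xml and reports which of the described traits are present. The permission constants are an assumed mapping of the capabilities listed under Permissions, the verdict names are hypothetical, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"

# Indicators taken from the write-up above.
KNOWN_PACKAGE = "com.slempo.service"
KNOWN_LABEL = "System Update"

# Assumed mapping of the described capabilities to Android permission names.
PROFILE = {
    "android.permission.RECEIVE_BOOT_COMPLETED",  # start after boot
    "android.permission.GET_TASKS",               # list running tasks
    "android.permission.RECEIVE_SMS",             # monitor incoming SMS
    "android.permission.READ_SMS",                # read SMS
    "android.permission.SEND_SMS",                # send SMS
    "android.permission.CALL_PHONE",              # call without the Phone UI
}

# Constructed manifest for demonstration; ".Admin" is a made-up receiver name.
SAMPLE = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
    ' package="com.slempo.service">'
    + "".join('<uses-permission android:name="%s"/>' % p for p in sorted(PROFILE))
    + '<application android:label="System Update">'
    '<receiver android:name=".Admin" android:permission="%s"/>' % ADMIN_PERM
    + "</application></manifest>"
)

def triage_manifest(xml_text):
    """Return (verdict, reasons) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    checks = [
        ("package name matches", root.get("package") == KNOWN_PACKAGE),
        ("label matches", app is not None and app.get(ANDROID + "label") == KNOWN_LABEL),
        ("permission profile matches", PROFILE <= perms),
        ("declares a device administrator receiver",
         any(r.get(ANDROID + "permission") == ADMIN_PERM for r in root.iter("receiver"))),
    ]
    reasons = [name for name, hit in checks if hit]
    if checks[0][1]:
        verdict = "known-bad"    # exact package name from the write-up
    elif checks[2][1] and checks[3][1]:
        verdict = "suspicious"   # same behaviour profile under another name
    else:
        verdict = "no-match"
    return verdict, reasons

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

A label stored as a resource reference (for example `@string/...`) will not match the literal name, so the package name and the behaviour profile carry the verdict.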

Last update 09 December 2014

 
