Home / malwarePDF  

Android.Habey


First posted on 07 October 2014.
Source: Symantec

Aliases :

There are no other names known for Android.Habey.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.elite
Version: 1.0
Name: Angry Birds Transformers

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions: Gather information on tasks that are currently runningCheck the phone's current stateMonitor incoming SMS messagesSend SMS messagesRead SMS messages on the deviceCreate new SMS messagesRead user's contacts dataRead external storage devicesWrite to external storage devicesStart once the device has finished bootingRead or write to the system settingsPrevent processor from sleeping or screen from dimming
Installation
Once installed, the application will display a black and red icon with the Angry Birds Transformers logo and the text "TRANSFORMERS."



Functionality
The Trojan may arrive on the device as part of a social engineering campaign which disguises the app as a mobile game.

When the Trojan is executed, it asks to gain access to administrator permissions.

The Trojan then starts a service with the following characteristics:
Service name: MyService

The Trojan then displays an image of the Android mascot with a Guy Fawkes mask and a gun along with the message "OBEY or Be Hacked."


The Trojan may then perform the following actions: Wipe the memory cardRegister broadcast receivers so that they automatically start every time the compromised device restartsIntercept communications sent through SMS messages and apps such as WhatsApp, Facebook, and Google TalkSend SMS messages saying "HEY!! [CONTACT'S NAME] Elite has hacked you. Obey or be hacked" to all contacts on the compromised device

Last update 07 October 2014

 

TOP