Home / malwarePDF  

Android.Benews


First posted on 18 July 2015.
Source: Symantec

Aliases :

There are no other names known for Android.Benews.

Explanation :

Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: org.benewsVersion name: 1.7App name: BeNews

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
Open network connections
Write to external storage devicesCheck the phone's current state


Installation
Once installed, the application displays an icon with a picture of Google's Android mascot wearing headphones, red sunglasses, and a black-and-yellow outfit.



Functionality
When the Trojan is executed, it poses as a news application.

Next, the Trojan runs its BootManager module so that it runs every time the device restarts.

The Trojan then connects to the following remote location: 46.38.48.178
The Trojan may then download and execute malicious code.

Last update 18 July 2015

 

TOP