Android package file
The Trojan package has the following characteristics:
The Trojan may arrive as part of a phishing campaign. The package file has to be manually downloaded and installed by the user.
When the Trojan is being installed, it requests permissions to perform the following actions:
- Monitor incoming SMS messages.
- Access information about networks.
- Open network connections.
- Start once the device has finished booting.
- Check the phone's current state.
- Prevent processor from sleeping or screen from dimming.
Once installed, the application will display a padlock icon.
When executed, the application will display a login screen.
The Trojan prompts users for bank account and PIN code information and sends it to following location:
The Trojan may then monitor for and block SMS messages from banks.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":