Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Android.Beaglespy

Android.Beaglespy

Updated:
October 24, 2012
Infection Length:
140,000 to 550,000 bytes
Name:
PhoneBeagle
Risk Impact:
Medium
Systems Affected:
Android

Behavior

Android.Beaglespy is an Android mobile detection for the Beagle spyware program as well as its associated client application.

Android package file
The spyware program may arrive as a package with the following characteristics:

Package name:
com.agilebinary.phonebeagle
    Name:
    Beagle Recorder

      The client application may arrive as a package with the following characteristics:

      Package name:
      com.agilebinary.phonebeagle.client
        Name:
        Beagle Client


        Installation
        Both the spyware program and client application must be downloaded from the developer's website and installed manually.

        Once installed, the spyware program will display an icon of a green and white checkered shield.



        Once installed, the client application will display an icon of a cartoon dog.


        Antivirus Protection Dates

        • Initial Rapid Release version October 02, 2014 revision 022
        • Latest Rapid Release version October 02, 2014 revision 022
        • Initial Daily Certified version September 01, 2012 revision 008
        • Latest Daily Certified version September 01, 2012 revision 008
        • Initial Weekly Certified release date September 05, 2012
        Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
        Android package file
        The spyware program may arrive as a package with the following characteristics:

        Package name:
        com.agilebinary.phonebeagle

        Name:
        Beagle Recorder

          The client application may arrive as a package with the following characteristics:

          Package name:
          com.agilebinary.phonebeagle.client

          Name:
          Beagle Client


          Permissions
          When the spyware program is being installed, it requests permissions to perform the following actions:
          • Access information about currently or recently running tasks
          • Access information about networks and WiFi state
          • Access location information, such as Cell-ID, WiFi, and GPS information
          • Allow access to low-level system logs
          • Change WiFi connectivity state
          • Check the phone's current state
          • Create new contact data
          • Create new SMS messages
          • End background processes
          • Initiate a phone call without using the Phone UI or requiring confirmation from the user
          • Monitor incoming SMS and MMS messages
          • Monitor, modify, or end outgoing calls
          • Open network connections
          • Prevent processor from sleeping or screen from dimming
          • Read SMS messages on the device
          • Read the user's browsing history and bookmarks
          • Read the user's contacts data
          • Send SMS messages
          • Start once the device has finished booting

          When the client application is being installed, it requests permissions to perform the following actions:
          • Access information about networks
          • Open network connections
          • Prevent processor from sleeping or screen from dimming

          Installation
          Both the spyware program and the client application must be downloaded from the developer's website and installed manually.

          Once installed, the spyware program will display an icon of a green and white checkered shield.



          Once installed, the client application will display an icon of a cartoon dog.




          Functionality
          The spyware program records the following information from the device:
          • Address book
          • Calls
          • Installed apps
          • Location
          • Messages
          • Multimedia Messages
          • Web browsing history

          The above information is then uploaded to a remote location and is viewable using the client application.

          You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


          Install Norton Mobile Security
          If you do not already have Norton Mobile Security installed on your device, please download the product from the Google Play Store .

          Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
          1. Select the 90-Day free download.
          2. Select the Android icon to begin downloading the product.
          3. Select Install in order to accept the permissions that are being requested by the program.
          4. Next, select Open and then Agree & Launch.

          Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and select Submit .


          Run a full system scan
          Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
          1. Navigate to the Anti-Malware tab.
          2. Select Scan Now.


          Manual removal
          To remove this risk manually, please perform the following actions:
          1. Open the Google Android Menu.
          2. Go to the Settings icon and select Applications.
          3. Next, select Manage.
          4. Select the application and select Uninstall.
          Writeup By: Beannie Cai