Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Android.Cobblerone

Android.Cobblerone

Updated:
November 15, 2011
Infection Length:
Varies
Name:
Spy Phone Location Sms Control, Spy Phone Location Remote SMS
Publisher:
LiuZhonglin, Liu Zhonglin
Risk Impact:
High
Systems Affected:
Android

Behavior

Android.Cobblerone is a spyware application for Android devices that can track the phone's location and remotely erase the device.

Android package file
The risk arrives as one of the following application packages:

Free version:
APK: com.FourCobblers.Free.PhoneLock.apk
Publisher: LiuZhonglin
Marketplace Name: Spy Phone Location Sms Control

Paid version:
APK: com.FourCobblers.PhoneLock.apk
Publisher: Liu Zhonglin
Marketplace Name: Spy Phone Location Remote SMS



Installation
The program must be manually installed.

The application will create an icon that depicts a blue padlock.


This icon will have the following name:
-NotePad

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version November 15, 2011 revision 019
  • Latest Daily Certified version November 15, 2011 revision 019
  • Initial Weekly Certified release date November 16, 2011
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Android package file
The risk arrives as one of the following application packages:

Free version:
APK: com.FourCobblers.Free.PhoneLock.apk
Publisher: LiuZhonglin
Marketplace Name: Spy Phone Location Sms Control

Paid version:
APK: com.FourCobblers.PhoneLock.apk
Publisher: Liu Zhonglin
Marketplace Name: Spy Phone Location Remote SMS



Installation
The program must be manually installed.

The application will create an icon that depicts a blue padlock.


This icon will have the following name:
-NotePad



Permissions
When the risk is being installed, it requests permissions to perform the following actions:

  • Write to external storage devices.
  • Check the phone's current state.
  • Monitor incoming SMS messages.
  • Send SMS messages.
  • Access location information, such as Cell-ID or WiFi.
  • Access location information, such as GPS information.
  • Access information about networks.
  • Access information about the WiFi state.
  • Open network connections.
  • Update device statistics.
  • Change Wi-Fi connectivity state.
  • Prevent processor from sleeping or screen from dimming.



System monitoring
The application then listens for special commands sent using SMS messages. If a specific SMS is received, the application will send back the location of the device.

Device modifications

The application can also listen for a second, specific SMS message that, if received, will perform a factory reset, clearing all user data from the device.

Functionality
If the application is launched from the menu, it asks for a password for access. If the correct password is entered, a configuration menu is displayed. If an incorrect password is entered, an empty text editor is opened.
You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Android marketplace .

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Click on the Android icon to begin downloading the product.
  3. Click on Install in order to accept the permissions that are being requested by the program.
  4. Next, click Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and press Submit .


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Click Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, click Manage.
  4. Select the application and click the Uninstall button.