Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Android.Fauxtocopy

Android.Fauxtocopy

Updated:
November 15, 2011
Name:
Update
Version:
1.2
Risk Impact:
High
Systems Affected:
Android

Behavior

Android.Fauxtocopy is a spyware application for Android devices that gathers photos from the device and sends them to a predetermined email address.

Android package file
The Trojan arrives as one of the following application packages:

APK: Update.apk
Name: Update


Installation
The program must be manually installed.

The application will create an icon that looks like a cog wheel.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version November 15, 2011 revision 019
  • Latest Daily Certified version November 15, 2011 revision 038
  • Initial Weekly Certified release date November 16, 2011
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Android package file
The application arrives as one of the following application packages:

APK: Update.apk
Name: Update


Installation
The application must be manually installed.

The application will create an icon that looks like a cog wheel.



Permissions
When the application is being installed, it requests permissions to perform the following actions:

  • Start once the device has finished booting.
  • Write to external storage devices.
  • Access information about the WiFi state.
  • Open network connections.
  • Access information about networks.
  • Check the phone's current state.


System monitoring
The application will gather photos from the device and send them to a predetermined email address on a weekly basis.


Functionality
This risk is a modified version of a legitimate application. The developer offers to create customized versions of the application for a fee, which contain customized email addresses, icons, and application names, in order to mask the risk on a compromised device.
You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Android marketplace .

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Click on the Android icon to begin downloading the product.
  3. Click on Install in order to accept the permissions that are being requested by the program.
  4. Next, click Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and press Submit .


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Click Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, click Manage.
  4. Select the application and click the Uninstall button.