Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Android.Laucassspy

Android.Laucassspy

Updated:
September 27, 2012
Risk Impact:
Medium
Systems Affected:
Android

Behavior

Android.Laucassspy is a spyware program for Android devices that steals information and sends it to a remote location.

Android package file
The spyware program may arrive as a package with the following characteristics:

Package name: com.laucass.androsmscontrol


Installation
The program must be installed manually. Once installed, the program does not display an icon.

Antivirus Protection Dates

  • Initial Rapid Release version September 25, 2012 revision 006
  • Latest Rapid Release version September 25, 2012 revision 006
  • Initial Daily Certified version September 25, 2012 revision 018
  • Latest Daily Certified version September 25, 2012 revision 018
  • Initial Weekly Certified release date September 26, 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Android package file
The spyware program may arrive as a package with the following characteristics:

Package name: com.laucass.androsmscontrol


Permissions
When the spyware is being installed, it requests permissions to perform the following actions:
  • Access information about, and change the WiFi state
  • Access location information, GPS, Cell-ID, or WiFi
  • Change the phone state, such as powering it on and off
  • Check the phone's current state
  • Create, read, and send SMS messages on the device
  • Discover and connect to paired Bluetooth devices
  • Modify global audio settings
  • Monitor incoming SMS and MMS messages
  • Monitor, modify, or end outgoing calls
  • Open network connections
  • Read and write the secure system settings
  • Read or write to the system settings
  • Read the browsing history and bookmarks
  • Read user's contacts data
  • Start once the device has finished booting
  • Use the microphone on the device to record audio
  • Write to external storage devices


Installation
The program must be installed manually. Once installed, the program does not display an icon.


Functionality
The spyware creates the following receivers:
  • AndroSmsControlReceiver
  • PhoneControlDeviceAdminReceiver

Next, it creates the following service:
AndroSmsControlService

The above service is started once any of the following commands are sent to the receivers:
  • android.provider.Telephony.SMS_RECEIVED
  • android.intent.action.NEW_OUTGOING_CALL
  • android.intent.action.USER_PRESENT
  • android.intent.action.BOOT_COMPLETED
  • android.net.conn.CONNECTIVITY_CHANGE
  • android.intent.action.PHONE_STATE
  • android.intent.action.NEW_INCOMING_SMS
  • android.intent.action.NEW_OUTGOING_SMS
  • android.intent.action.NEW_INCOMING_MMS
  • android.intent.action.NEW_OUTGOING_MMS
  • android.intent.action.NEW_PICTURE
  • android.intent.action.NEW_VIDEO


The program may also perform the following actions when predetermined keywords are present in SMS messages:
  • Clear application configuration
  • Forward applications list
  • Forward bookmarks and visited URL history
  • Forward contacts list
  • Start or stop audio recording
  • Start or stop phone monitoring
  • Switch GPS on or off
  • Switch WiFi on or off


System monitoring
The program is capable of sending the following information within a hidden file to the remote attacker in an SMS message or in email format:
  • Phone call notifications
  • Phone calls as an audio file
  • Phone location
  • Pictures and videos taken with the phone
  • SMS and MMS messages
You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Google Play Store .

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Select the Android icon to begin downloading the product.
  3. Select Install in order to accept the permissions that are being requested by the program.
  4. Next, select Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and select Submit .


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Select Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, select Manage.
  4. Select the application and select Uninstall.
Writeup By: Tommy Dong