Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Android.MobileBackup

Android.MobileBackup

Updated:
March 10, 2014
Name:
MBackup
Risk Impact:
Low
Systems Affected:
Android

Behavior

Android.MobileBackup is a spyware application for Android devices that monitors the affected device.

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.mobilefonex.mobilebackup
Name: MBackup

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
  • Access location information, such as GPS information.
  • Send SMS messages.
  • Start once the device has finished booting.
  • Check the phone's current state.
  • Read user's contacts data.
  • Monitor incoming SMS messages.
  • Write to external storage devices.
  • Monitor, modify, or end outgoing calls.
  • Access information about the WiFi state.
  • Access location information, such as Cell-ID or WiFi.
  • Prevent processor from sleeping or screen from dimming.
  • Initiate a phone call without using the Phone UI or requiring confirmation from the user.
  • Create new SMS messages.
  • Access information about networks.
  • Open network connections.
  • Use the device's mic to record audio.
  • Mount and unmount file systems for removable storage.
  • Restart packages.
  • Create new contact data.
  • Modify the telephony state.
  • Read SMS messages on the device.

Installation
Once installed, the application will display an icon with a grey phone with a blue screen and a memory card in front of it.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version October 02, 2014 revision 022
  • Initial Daily Certified version February 27, 2014 revision 009
  • Latest Daily Certified version February 27, 2014 revision 009
  • Initial Weekly Certified release date June 15, 2011
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.mobilefonex.mobilebackup
Name: MBackup

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
  • Access location information, such as GPS information.
  • Send SMS messages.
  • Start once the device has finished booting.
  • Check the phone's current state.
  • Read user's contacts data.
  • Monitor incoming SMS messages.
  • Write to external storage devices.
  • Monitor, modify, or end outgoing calls.
  • Access information about the WiFi state.
  • Access location information, such as Cell-ID or WiFi.
  • Prevent processor from sleeping or screen from dimming.
  • Initiate a phone call without using the Phone UI or requiring confirmation from the user.
  • Create new SMS messages.
  • Access information about networks.
  • Open network connections.
  • Use the device's mic to record audio.
  • Mount and unmount file systems for removable storage.
  • Restart packages.
  • Create new contact data.
  • Modify the telephony state.
  • Read SMS messages on the device.

Installation
Once installed, the application will display an icon with a grey phone with a blue screen and a memory card in front of it.



Functionality
The spyware monitors the compromised device.

The Application creates the following receivers:
  • .receivers.PackageAdded
  • com.secneo.listephone.PhoneReceiver
  • .receivers.SMSIn
  • .receivers.SystemState
  • com.secneo.callphone.SMSReceiver
  • .receivers.PhoneState

The Application creates the following services:
  • com.mobilefonex.mobilebackup.processes.DaemonEventMonitorService
  • com.mobilefonex.mobilebackup.processes.DaemonSchedulerService
  • com.mobilefonex.mobilebackup.processes.DaemonEventProcessingService
You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Google Play Store .

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Select the Android icon to begin downloading the product.
  3. Select Install in order to accept the permissions that are being requested by the program.
  4. Next, select Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and select Submit .


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Select Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, select Manage.
  4. Select the application and select Uninstall.
Writeup By: Mario Ballano