Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Android.Pdaspy

Android.Pdaspy

Updated:
November 16, 2011
Name:
Phone monitoring PRO+, GPS Spy Phone Tracking PRO+
Version:
3.1, 7.1
Publisher:
Sherlock Mobile App
Risk Impact:
High
Systems Affected:
Android

Behavior

Android.Pdaspy is a spyware application for Android devices that periodically gathers information from the device and uploads it to a predetermined location.

Android package file
The application arrives as one of the following application packages:

Free version:
APK: com.androidapp.pdaspy.apk
Version: 3.1
Publisher: Sherlock Mobile App
Marketplace name: Phone monitoring PRO+

Paid version:
APK: com.androidapp.conflite.apk
Version: 7.1
Publisher: Sherlock Mobile App
Marketplace name: GPS Spy Phone Tracking PRO+


Installation
The application must be manually installed.

Once installed, the application will display an icon depicting a cog wheel with the name "Conf Lite".



An attacker must have access to the device to log into the application and configure it. After this, the application will no longer appear in the standard Applications menu. However, it will still appear in the Settings > Applications > Manage Applications menu.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version November 15, 2011 revision 019
  • Latest Daily Certified version November 15, 2011 revision 019
  • Initial Weekly Certified release date November 16, 2011
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Android package file
The application arrives as one of the following application packages:

Free version:
APK: com.androidapp.pdaspy.apk
Version: 3.1
Publisher: Sherlock Mobile App
Marketplace name: Phone monitoring PRO+

Paid version:
APK: com.androidapp.conflite.apk
Version: 7.1
Publisher: Sherlock Mobile App
Marketplace name: GPS Spy Phone Tracking PRO+


Installation
The application must be manually installed.

Once installed, the application will display an icon depicting a cog wheel with the name "Conf Lite".



An attacker must have access to the device to log into the application and configure it. After this, the application will no longer appear in the standard Applications menu. However, it will still appear in the Settings > Applications > Manage Applications menu.


Permissions
When the application is being installed, it requests permissions to perform the following actions:

  • Open network connections.
  • Check the phone's current state.
  • Read contact data.
  • Read SMS messages on the device.
  • Access location information, such as GPS, Cell-ID or WiFi.
  • Start once the device has finished booting.
  • Prevent processor from sleeping or screen from dimming.


System monitoring
The application will then periodically upload the following information to a predetermined website:
  • Call history
  • Text messages
  • GPS coordinates

An attacker can later log into the website and access the gathered information.
You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Android marketplace .

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Click on the Android icon to begin downloading the product.
  3. Click on Install in order to accept the permissions that are being requested by the program.
  4. Next, click Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and press Submit .


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Click Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, click Manage.
  4. Select the application and click the Uninstall button.