Android.Penetho

Updated: October 01, 2012
Risk Impact: Low
Systems Affected: Android

Behavior

Android.Penetho is a hacktool for Android devices that can be used to crack the WiFi password of the router that the device is using.

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: com.h1xumz.penetratepro
Publisher: penetrate.underdev.org
Version: 4.8.3
Name: Penetrate Pro


Installation
Once installed, the application displays an icon labeled "Penetrate Pro".

Antivirus Protection Dates

  • Initial Rapid Release version September 18, 2012 revision 039
  • Latest Rapid Release version March 06, 2013 revision 009
  • Initial Daily Certified version September 19, 2012 revision 002
  • Latest Daily Certified version March 06, 2013 revision 017
  • Initial Weekly Certified release date October 03, 2012
Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
  • Access coarse location, e.g. Cell-ID, WiFi
  • Access information about networks, including WiFi
  • Allow read-only access to the phone state
  • Change the Wi-Fi connectivity state
  • Install a shortcut
  • Open network sockets
  • Use PowerManager WakeLocks to keep the processor from sleeping or the screen from dimming
  • Write to external storage devices
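
A triage check built from the package indicators and permission list above, as an added example that is not part of the original write-up. It parses `aapt dump badging` output; the permission constants are an assumed mapping of the prose list, and the 0.75 overlap threshold and the sample input are assumptions made for illustration.

```python
import re

# Indicators from the write-up. The permission constants are an assumed
# mapping of its prose permission list onto Android manifest names.
PKG_NAME, APP_LABEL = "com.h1xumz.penetratepro", "Penetrate Pro"
PERMISSIONS = set("""
android.permission.ACCESS_COARSE_LOCATION android.permission.ACCESS_NETWORK_STATE
android.permission.READ_PHONE_STATE android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET android.permission.WAKE_LOCK
android.permission.WRITE_EXTERNAL_STORAGE
com.android.launcher.permission.INSTALL_SHORTCUT""".split())

# Constructed `aapt dump badging` output (not a real APK): label matches, name differs.
SAMPLE = """package: name='com.example.wifitool' versionCode='1' versionName='1.0'
application-label:'Penetrate Pro'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CHANGE_WIFI_STATE'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.ACCESS_COARSE_LOCATION'
uses-permission: name='android.permission.WAKE_LOCK'
uses-permission:'android.permission.WRITE_EXTERNAL_STORAGE'
"""

def parse_badging(text):
    """Extract package name, version, label and permissions."""
    info = {"name": None, "version": None, "label": None, "permissions": set()}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("package:"):
            fields = dict(re.findall(r"(\w+)='([^']*)'", line))
            info["name"], info["version"] = fields.get("name"), fields.get("versionName")
        elif line.startswith("application-label:"):
            info["label"] = line.split(":", 1)[1].strip().strip("'")
        elif line.startswith("uses-permission:"):
            # Accepts both the old ('X') and new (name='X') aapt formats.
            info["permissions"].update(re.findall(r"'([^']+)'", line)[:1])
    return info

def triage(text):
    """Return (verdict, share of the listed permissions that are requested)."""
    info = parse_badging(text)
    overlap = len(info["permissions"] & PERMISSIONS) / len(PERMISSIONS)
    if info["name"] == PKG_NAME:
        return "match", overlap      # exact package identifier from the write-up
    if info["label"] == APP_LABEL and overlap >= 0.75:
        return "suspect", overlap    # same label and permission profile: review
    return "clear", overlap

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "suspect" verdict only means the label and permission profile resemble the write-up; the package name remains the one exact indicator the page provides.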


Functionality
The program downloads a dictionary from the following location:
penetrate.underdev.org

It then cracks the WiFi login password for the router that the device is using.

You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Google Play Store.

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Select the Android icon to begin downloading the product.
  3. Select Install in order to accept the permissions that are being requested by the program.
  4. Next, select Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and select Submit.


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Select Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, select Manage.
  4. Select the application and select Uninstall.
Writeup By: Daniel Xiang