Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Android.Spyagent

Android.Spyagent

Updated:
September 07, 2012
Risk Impact:
Medium
Systems Affected:
Android

Behavior

Android.Spyagent is a spyware application for Android devices that logs certain information and sends SMS messages to a predetermined phone number.

Android package file
The Trojan may arrive as a package with the following name:

APK:
  • jxsoftware.AndroidAgent
Version: 1.4
Name: Power Manager or Power Saver

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version October 02, 2014 revision 022
  • Initial Daily Certified version August 29, 2012 revision 003
  • Latest Daily Certified version August 29, 2012 revision 003
  • Initial Weekly Certified release date September 12, 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Android package file
The application may be downloaded from the following website:
JXSoftware.com

Its package has the following characteristics:

Package name: jxsoftware.AndroidAgent
Version: 1.4
Name: Power Manager or Power Saver




Permissions
When the risk is being installed, it requests permissions to perform the following actions:
  • Access location information, such as Cell-ID or WiFi
  • Check the phone's current state
  • Check the phone's current state
  • Create new contact data
  • Create new SMS messages
  • Initiate a phone call without using the Phone UI or requiring confirmation from the user
  • Monitor incoming SMS messages
  • Monitor, modify, or end outgoing calls
  • Open network connections
  • Read SMS messages on the device
  • Read user's contacts data
  • Send SMS messages
  • Start once the device has finished booting
  • Use the device's mic to record audio
  • Write to external storage devices


Installation
Once installed, the application waits for SMS messages containing commands. The application has no visible launch icon.

In the application manager list an image of the Android robot is displayed with the following text:
Power Saver



Functionality
The application receives commands from SMS messages sent to the device.

The commands received by the application may invoke the following functions:
  • Command "9#" instructs the application to send an SMS with the IMSI of the device to a predetermined phone number
  • Command "8#" instructs the application to record the latitude,longitude, or base station information of the device
  • Command "5#" instructs the application to remove the installed monitor APK from the device
  • Command "10#" instructs the application to send the device's address book to a predetermined phone number
You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Google Play Store .

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Select the Android icon to begin downloading the product.
  3. Select Install in order to accept the permissions that are being requested by the program.
  4. Next, select Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and select Submit .


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Select Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, select Manage.
  4. Select the application and select Uninstall.
Writeup By: Daniel Xiang