Android.Spyoo

Updated: August 17, 2012
Infection Length: 200,000 to 300,000 bytes
Name: Spyoo
Version: 1.1
Publisher: Copy9
Risk Impact: Low
Systems Affected: Android

Behavior

Android.Spyoo is a spyware program for Android devices that records and sends certain information to a remote location.

Android package file
The risk may arrive as a package with one of the following names:

APK:
  • iits.spyoo
  • org.copy
Name: Copy9


Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version October 02, 2014 revision 022
  • Initial Daily Certified version August 07, 2012 revision 018
  • Latest Daily Certified version August 07, 2012 revision 018
  • Initial Weekly Certified release date August 08, 2012

Permissions

When the risk is being installed, it requests permissions to perform the following actions:
  • Access location information, such as Cell-ID or WiFi
  • Access location information, such as GPS information
  • Allows applications to disable the keyguard
  • Check the phone's current state
  • Create new contact data
  • Create new SMS messages
  • Initiate a phone call without using the Phone UI or requiring confirmation from the user
  • Make the phone vibrate
  • Modify audio settings
  • Monitor, modify, or end outgoing calls
  • Open network connections
  • Prevent processor from sleeping or screen from dimming
  • Read or write to the system settings
  • Read SMS messages on the device
  • Read user's contacts data
  • Start once the device has finished booting
  • Write to external storage devices


Installation
The program must be installed manually. There is no launch icon displayed after installation. A predefined code must be dialed to access the configuration interface.

When the program is installed, the following information must be configured:
  • Email
  • Password

On the settings page the user can configure the following options:
  • General
  • GPS
  • Auto Answer
  • Call
  • SMS
  • URL






Functionality
A predefined code must be dialed to access the configuration interface. The program then displays a logo followed by a login page with the following options:
  • Settings
  • About
  • Exit








System monitoring
The program records the following information from the device:
  • Browsing history
  • Call logs
  • GPS location
  • SMS messages

The program then periodically uploads the above information to a remote location.
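
The package names, the requested permissions and the missing launch icon described above can be checked together when triaging an unknown APK. The following is an added example, not Symantec's detection logic: it assumes the manifest has already been decoded to text XML, the mapping from the permission descriptions to Android permission constants is an assumption, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
KNOWN_PACKAGES = {"iits.spyoo", "org.copy"}  # package names from the writeup
# Assumed mapping of the writeup's permission descriptions to Android constants.
MONITORING_PERMS = {
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.PROCESS_OUTGOING_CALLS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.INTERNET",
}

def triage(manifest_xml):
    """Flag a decoded AndroidManifest.xml that matches the writeup's profile."""
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # A launcher icon exists only if some activity declares the LAUNCHER category.
    has_launcher = any(
        cat.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
        for tag in ("activity", "activity-alias")
        for act in root.iter(tag)
        for cat in act.iter("category"))
    missing = sorted(MONITORING_PERMS - requested)
    profile = not has_launcher and not missing
    return {"package": package,
            "known_package": package in KNOWN_PACKAGES,
            "hidden_from_launcher": not has_launcher,
            "missing_monitoring_perms": missing,
            "flag": package in KNOWN_PACKAGES or profile}

def _manifest(package, perms, launcher):  # builds constructed sample input
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    cat = "LAUNCHER" if launcher else "DEFAULT"
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application><activity android:name=".Main">'
            f'<intent-filter><action android:name="android.intent.action.MAIN"/>'
            f'<category android:name="android.intent.category.{cat}"/>'
            f'</intent-filter></activity></application></manifest>')

# Constructed samples, not taken from a real APK.
SAMPLES = {
    "renamed": _manifest("com.example.sync", sorted(MONITORING_PERMS), False),
    "listed": _manifest("iits.spyoo", ["android.permission.INTERNET"], False),
    "benign": _manifest("com.example.notes", ["android.permission.INTERNET"], True),
}
```

The "renamed" sample is flagged on its permission profile and hidden launcher alone, which is the case a package-name match would miss.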

You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Google Play Store.

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Select the Android icon to begin downloading the product.
  3. Select Install in order to accept the permissions that are being requested by the program.
  4. Next, select Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and select Submit.


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Select Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, select Manage.
  4. Select the application and select Uninstall.

Writeup By: Beannie Cai