Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Android.Spytekcell

Android.Spytekcell

Updated:
December 17, 2013
Version:
1.0
Risk Impact:
Low
Systems Affected:
Android

Behavior

Android.Spytekcell is a spyware program for Android devices that monitors and sends certain information to a remote location.



Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: dc.dhingra.program
Version: 1.0


Installation
The spyware program must be manually installed on the device.

Once installed, the application will display an icon with the text "Android" above a green robot on a white background.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version December 10, 2013 revision 017
  • Latest Daily Certified version December 10, 2013 revision 017
  • Initial Weekly Certified release date December 11, 2013
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: dc.dhingra.program
Version: 1.0


Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:
  • Monitor, read, send and create new SMS messages
  • Read user's contacts data
  • Broadcast an SMS receipt notification
  • Start once the device has finished booting
  • Initiate a phone call without using the Phone UI or requiring confirmation from the user
  • Check the phone's current state
  • Open network connections
  • Monitor, modify, or end outgoing calls


Installation
The program must be manually installed on the device.

Once installed, the application will display an icon with the text "Android" above a green robot on a white background.




Functionality
Once executed, the program installs itself as a receiver and a service with the following name:
SMSMonitor

The program then asks for a user name and password.



If it is the first time the program is executed, the user name and password is saved, otherwise, the entered user name and password will be checked against the one that was entered on first execution. If the correct credentials are entered, a configuration window is displayed.

The program can be configured to monitor incoming and outgoing SMS,
incoming and outgoing calls or both.

The program can also be configured to send monitoring
data through SMS to a specified number or through email to a specified
email address.



The monitored data is also sent to the following location:
monitor@celltekspy.com
You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Google Play Store .

Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Select the Android icon to begin downloading the product.
  3. Select Install in order to accept the permissions that are being requested by the program.
  4. Next, select Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and select Submit .


Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Select Scan Now.


Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, select Manage.
  4. Select the application and select Uninstall.
Writeup By: Mark Anthony Balanza