Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

PUA.ZenkokuDenwacho

PUA.ZenkokuDenwacho

Updated:
June 29, 2015
Infection Length:
184,402 - 202,213 bytes
Name:
Zenkoku Denwacho
Version:
1.2, 1.4, 1.5, 1.6
Publisher:
Jigensha
Risk Impact:
Low
Systems Affected:
Android

Behavior

PUA.ZenkokuDenwacho is an Android application that steals the devices contacts and uploads them to a remote location.

Note: Virus definitions dated June 26, 2015 or earlier detect this threat as ZenkokuDenwacho.

Android package file
The application may arrive as a package with the following characteristics:

Package name: info.jigensha.hellopage
Version: 1.2, 1.4, 1.5, 1.6
Name: (Japanese characters meaning "National Phone Book")


Installation
Once installed, the application will display an icon that looks like a phone book.


Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version June 26, 2015 revision 008
  • Initial Daily Certified version October 11, 2012 revision 002
  • Latest Daily Certified version June 26, 2015 revision 019
  • Initial Weekly Certified release date October 17, 2012
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Android package file
The application may arrive as a package with the following characteristics:

Package name: info.jigensha.hellopage
Version: 1.2, 1.4, 1.5, 1.6
Name: (Japanese characters meaning "National Phone Book")


Permissions
When the application is being installed, it requests permissions to perform the following actions:
    • Access location information, such as GPS information
    • Create mock location providers for testing
    • Create new contact data
    • Open network connections
    • Read user's contacts data

    Installation
    Once installed, the application will display an icon that looks like a phone book.




    Functionality
    The application is capable of searching a database for a name, phone number, or address of people across Japan.

    It utilizes the contacts of the device it is installed on. When the application is started, it collects the names, phone numbers, and home addresses of all contacts found on the device. Next, it sends the information to a remote location.
    You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.


    Install Norton Mobile Security
    If you do not already have Norton Mobile Security installed on your device, please download the product from the Google Play Store .

    Alternatively, you can navigate to the norton.mobi website from your device and download the product from there by completing the following steps:
    1. Select the 90-Day free download.
    2. Select the Android icon to begin downloading the product.
    3. Select Install in order to accept the permissions that are being requested by the program.
    4. Next, select Open and then Agree & Launch.

    Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and select Submit .


    Run a full system scan
    Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
    1. Navigate to the Anti-Malware tab.
    2. Select Scan Now.


    Manual removal
    To remove this risk manually, please perform the following actions:
    1. Open the Google Android Menu.
    2. Go to the Settings icon and select Applications.
    3. Next, select Manage.
    4. Select the application and select Uninstall.