skullkey 2DC07DCA36487339F3935ACE890E42E0
Research: http://www.symantec.com/security_response/writeup.jsp?docid=2013-072322-5422-99&tabid=2
Package names: com.hk515.doctor, com.hk515.activity
Malicious code is inserted in the package in the following locations:
com.google.safemain
com.google.service
Permissions
When the Trojan is being installed, it requests permissions to perform the following additional actions:
Clear the caches of all installed applications on the device.
Read user's contacts data.
Monitor incoming SMS messages.
Read SMS messages on the device.
Send SMS messages.
Start once the device has finished booting.
Change the background wallpaper.
Monitor incoming WAP push messages.
Functionality
The Trojan hides by using the Android 'Master Key' vulnerability, which keeps the legitimate app's signature valid.
The Trojan allows attackers to perform the following actions:
Open a back door
Steal sensitive data (such as IMEI and phone number) and send it to apkshopping.com
Send premium SMS messages
Disable certain security apps by using any available root commands
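A triage check for the two traits described above, as an added example that is not part of the original post or the Symantec write-up. It assumes the well-known form of the 'Master Key' issue, in which an APK carries two ZIP entries with the same name, and looks in every dex entry for the two package paths listed above; the function names and the sample archive are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter

# Package paths the write-up above lists as locations of the inserted code,
# in the form they take as type descriptors inside classes.dex.
INJECTED_PACKAGES = (b"Lcom/google/safemain/", b"Lcom/google/service/")


def triage_apk(apk):
    """Return (duplicate entry names, injected package paths found in any dex).

    `apk` is a path or a binary file object. Every central-directory entry is
    examined, including the copies that a by-name lookup would hide.
    """
    with zipfile.ZipFile(apk) as zf:
        entries = zf.infolist()
        counts = Counter(info.filename for info in entries)
        duplicates = sorted(name for name, n in counts.items() if n > 1)
        found = set()
        for info in entries:
            if info.filename.endswith(".dex"):
                data = zf.read(info)  # read this exact entry, not "last by name"
                found.update(p for p in INJECTED_PACKAGES if p in data)
    return duplicates, sorted(found)


def constructed_sample():
    """Build a tiny in-memory archive (constructed test data, not a real APK)."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns about the duplicate name
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("classes.dex", b"placeholder Lcom/google/safemain/Stub;")
            zf.writestr("classes.dex", b"placeholder Lcom/example/app/Main;")
            zf.writestr("AndroidManifest.xml", b"placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    dups, pkgs = triage_apk(constructed_sample())
    print("duplicate entries:", dups)
    print("injected package paths:", [p.decode() for p in pkgs])
```

Any duplicate entry name in an APK is worth flagging on its own, whether or not the package paths match.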
Download. Email me if you need the password
https://www.virustotal.com/en/file/555e343dcd060f1dece4a9c7f44cf3906f8f3d9cbf67f960fee6fccdd0baa2cf/analysis/1385350644/