Package names: com.hk515.doctor, com.hk515.activity
Malicious code is inserted in the package in the following locations:
When the Trojan is being installed, it requests permissions to perform the following additional actions:
Clear the caches of all installed applications on the device.
Read user's contacts data.
Monitor incoming SMS messages.
Read SMS messages on the device.
Send SMS messages.
Start once the device has finished booting.
Change the background wallpaper.
Monitor incoming WAP push messages.
The Trojan hides using the Android 'Master Key' vulnerability to keep the legitimate app signature valid.
The Trojan allows attackers to perform the following actions:
Open a back door
Steal sensitive data (such as IMEI and phone number) and sends it to apkshopping.com
Send premium SMS messages
Disable certain security apps by using any available root commands
Download. Email me if you need the password