Last week, we reported on ANDROIDOS_NICKISPY.A and ANDROIDOS_NICKISPY.B, Android malware that recorded phone calls made from infected devices and then sent the stolen information to a remote site.
This week, we saw another Android malware with the same code structure as ANDROIDOS_NICKISPY.A. Like the latter, this does not display an icon and executes similar routines, save for some modifications.
Detected by Trend Micro products as ANDROIDOS_NICKISPY.C, it uses the following services:
- MainService
- AlarmService
- SocketService
- GpsService
- CallRecordService
- CallLogService
- UploadService
- SmsService
- ContactService
- SmsControllerService
- CommandExecutorService
- RegisterService
- CallsListenerService
- KeyguardLockService
- ScreenService
- ManualLocalService
- SyncContactService
- LocationService
- EnvRecordService
It is also capable of receiving commands via text messages. It does so, however, only if the message is sent from the predefined “controller” number in the malware’s configuration file and the sender enters a password to execute the command.
Listening In
Like other ANDROIDOS_NICKISPY variants, ANDROIDOS_NICKISPY.C can record phone calls made from infected devices. What makes this particular variant different is that it can also automatically answer incoming calls. It does so only under the following conditions:
- The call must come from the number on the “controller” tag from its configuration file.
- The phone screen must be turned off.
The “auto-answering” function of this malicious Android app works only on Android 2.2 and below since the MODIFY_PHONE_STATE permission was disabled in Android 2.3.
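For analysts triaging a suspect app, the traits described above (the listed service names, no launcher icon, a request for MODIFY_PHONE_STATE) can be checked against a decoded AndroidManifest.xml. The following is an added example, not code from Trend Micro or from the malware; the function name, the threshold of five matching services, and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Service class names listed in this write-up for ANDROIDOS_NICKISPY.C.
REPORTED_SERVICES = set("""
MainService AlarmService SocketService GpsService CallRecordService
CallLogService UploadService SmsService ContactService SmsControllerService
CommandExecutorService RegisterService CallsListenerService KeyguardLockService
ScreenService ManualLocalService SyncContactService LocationService
EnvRecordService""".split())

def triage_manifest(manifest_xml, min_service_hits=5):
    """Flag a decoded manifest that matches the traits reported for the family.

    min_service_hits is an assumed threshold: names such as MainService are
    common in benign apps, so one or two matches alone mean nothing.
    """
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name", "") for e in root.iter("uses-permission")}
    # Names may be ".Foo", "Foo" or "com.pkg.Foo"; compare the simple class name.
    services = {e.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
                for e in root.iter("service")}
    # An app with no LAUNCHER category shows no icon in the app drawer.
    has_launcher = any(
        c.get(ANDROID_NS + "name") == "android.intent.category.LAUNCHER"
        for c in root.iter("category"))
    hits = sorted(services & REPORTED_SERVICES)
    return {
        "service_hits": hits,
        "no_launcher_icon": not has_launcher,
        "requests_modify_phone_state":
            "android.permission.MODIFY_PHONE_STATE" in perms,
        "suspicious": len(hits) >= min_service_hits and not has_launcher,
    }

# Constructed sample manifest (hypothetical package name), not from a real APK.
_NAMES = ["MainService", "SocketService", "CallRecordService",
          "SmsControllerService", "CommandExecutorService", "EnvRecordService"]
SAMPLE = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.example.constructed">'
    '<uses-permission android:name="android.permission.MODIFY_PHONE_STATE"/>'
    "<application>"
    + "".join(f'<service android:name=".{n}"/>' for n in _NAMES)
    + "</application></manifest>")

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

A match is a reason to examine the app more closely, not a verdict; the manifest must first be decoded from the APK's binary XML with a tool of the analyst's choice.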
For ways to keep your Android-based devices secure, check out our e-book, “5 Simple Steps to Secure Your Android-Based Smartphones.”
via : TrendMicro