Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: Nero.lockphone
Version number: 1.0

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:

• Access information about the Wi-Fi state.
• Change Wi-Fi state
• Start once the device has finished booting
• End background processes
• Access list of current or recently running tasks
• Prevent processor from sleeping or screen from dimming
• Send SMS messages

Installation
Once installed, the application will display an icon with a picture of a red-haired boy on a bicycle.

Functionality
When the Trojan is executed, it creates a service with the following name:

• killserve

Next, the Trojan locks the screen to block the user from accessing the compromised device.