March 30, 2015  

Android Locker Trojan in the wild

Android package file
The Trojan may arrive as a package with the following characteristics:

Package name: Nero.lockphone
Version number: 1.0

Permissions
When the Trojan is being installed, it requests permissions to perform the following actions:

  • Access information about the Wi-Fi state.
  • Change Wi-Fi state
  • Start once the device has finished booting
  • End background processes
  • Access list of current or recently running tasks
  • Prevent processor from sleeping or screen from dimming
  • Send SMS messages

Installation
Once installed, the application will display an icon with a picture of a red-haired boy on a bicycle.

Functionality
When the Trojan is executed, it creates a service with the following name:

  • killserve

Next, the Trojan locks the screen to block the user from accessing the compromised device.

Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: