Android Locker Trojan in the wild
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: Nero.lockphone
Version number: 1.0
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access information about the Wi-Fi state.
- Change Wi-Fi state
- Start once the device has finished booting
- End background processes
- Access list of current or recently running tasks
- Prevent processor from sleeping or screen from dimming
- Send SMS messages
Once installed, the application will display an icon with a picture of a red-haired boy on a bicycle.
When the Trojan is executed, it creates a service with the following name:
Next, the Trojan locks the screen to block the user from accessing the compromised device.