ANDROIDOS_SPYNT.HRX

This backdoor gathers device information. It monitors all incoming and outgoing calls.

Mobile Malware Routine

This backdoor gathers the following device information:

• imei
• Wi-Fi MAC address
• cellphone information

It posts the following information to its command and control (C&C) server:

• Call logs
• SMS
• Contacts
• Location
• Phone accounts

It monitors all incoming and outgoing calls.

It does the following when installed on the affected device:

• install other apk

The SMS message it sends contains the following text:

• send|

Upon installation, it asks for the following permissions:

• android.permission.ACCESS_COARSE_LOCATION
• android.permission.ACCESS_FINE_LOCATION
• android.permission.ACCESS_NETWORK_STATE
• android.permission.ACCESS_WIFI_STATE
• android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
• android.permission.CALL_PHONE
• android.permission.CAMERA
• android.permission.CHANGE_WIFI_STATE
• android.permission.GET_ACCOUNTS
• android.permission.INTERNET
• android.permission.KILL_BACKGROUND_PROCESSES
• android.permission.READ_CALL_LOG
• android.permission.READ_CONTACTS
• android.permission.READ_PHONE_STATE
• android.permission.READ_SMS
• android.permission.RECEIVE_BOOT_COMPLETED
• android.permission.RECORD_AUDIO
• android.permission.SEND_SMS
• android.permission.SET_WALLPAPER
• android.permission.SET_WALLPAPER_HINTS
• android.permission.SYSTEM_ALERT_WINDOW
• android.permission.VIBRATE
• android.permission.WAKE_LOCK
• android.permission.WRITE_CONTACTS
• android.permission.WRITE_EXTERNAL_STORAGE

Based on analysis of the codes, it has the following capabilities:

• get all contacts
• execute shell command
• record the environment voice

It is capable of doing the following:

• take photo