TrojanSpy:AndroidOS/Pjapps.A is a detection for an application and trojan that runs on Android OS mobile devices and attempts send sensitive information to a remote server. The trojan could also send SMS messages to other phones and allow limited remote control of the mobile device.
TrojanSpy:AndroidOS/Pjapps.A may be downloaded and installed manually from an unauthorized Android Apps website as a standard Android package file (.APK) installer for mobile devices running the Android platform. When run, the trojan attempts to send user identifiable data to a remote server. The trojan executes as a service in background.
Collects and sends sensitive data to a remote server
TrojanSpy:AndroidOS/Pjapps.A collects the following user identifiable information:
Current phone number
SIM card serial number
The trojan reports its installation and sends the collected sensitive information is sent to a remote server (such as "log.meego91.com"). The trojan also retrieves a list of phone numbers which are used to send SMS messages.
Allows limited remote control of the mobile device
TrojanSpy:AndroidOS/Pjapps.A attempts to retrieve instructions from a remote server, such as "log.meego91.com", which may have following actions:
Send specified SMS content and a URL to a phone number retrieved from the remote server
Add bookmarks with specified title and URL
Download and install a specified .APK files from a specified URL
Display a popup window requesting the user to visit a specified URL
In the last action, once a user attempts to visit the URL, the trojan will use one of following browsers to visit the URL, if available, in the following order:
TrojanSpy:AndroidOS/Pjapps.A may add following URLs as bookmarks:
Blocks inbound SMS messages
TrojanSpy:AndroidOS/Pjapps.A blocks SMS that may arrive from numbers listed in a private log file named "android.log".
Analysis by Shawn Wang
The following system changes may indicate the presence of this malware: