AndroidOS_XLoaderPacker.ISE


 PLATFORM:

Android

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 SYSTEM IMPACT RATING:
 INFORMATION EXPOSURE:

  • Threat Type: Spyware

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Spyware may be manually installed by a user.

It creates folders where it drops its files.

It poses as an Android app using different app names. It monitors all incoming and outgoing calls. It drops and runs other files on the device.

  TECHNICAL DETAILS

File Size:

291282 bytes

File Compression:

ZIP

Initial Samples Received Date:

21 Dec 2022

Arrival Details

This Spyware may be manually installed by a user.

Other Details

This Spyware is capable of locking the screen of the affected system.

It adds the following scheduled tasks:

  • Regularly check the top activity

Mobile Malware Routine

This Spyware poses as an Android application that uses random names such as the following:

  • Chrome

It receives commands from the following C&C server(s):

  • {BLOCKED}.{BLOCKED}.227.31:28877

It monitors all incoming and outgoing calls.

It drops and executes the following file(s):

  • 683c1c181f3229e350d35e3765cf23ad1787acd8367e94e66890e39dd71174bd

Upon installation, it asks for the following permissions:

  • android.permission.ACCESS_WIFI_STATE
  • android.permission.CHANGE_NETWORK_STATE
  • android.permission.CALL_PHONE
  • android.permission.WRITE_EXTERNAL_STORAGE
  • android.permission.READ_EXTERNAL_STORAGE
  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.MODIFY_AUDIO_SETTINGS
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.WAKE_LOCK
  • android.permission.INTERNET
  • android.permission.RECEIVE_SMS
  • android.permission.READ_SMS
  • android.permission.SEND_SMS
  • android.permission.SYSTEM_ALERT_WINDOW
  • android.permission.READ_CONTACTS
  • android.permission.READ_PHONE_STATE
  • android.permission.GET_ACCOUNTS
  • android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

  SOLUTION

Minimum Scan Engine:

9.800

TMMS Pattern File:

AndroidOS_XLoaderPacker.ISE

TMMS Pattern Date:

10 Sep 2021

Trend Micro Mobile Security Solution

Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increases device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:

