ANDROIDOS_WROBA.A

Rutina de Malware Móvil

Es un archivo que recopila la siguiente información del dispositivo móvil afectado:

• Phone number
• Device ID
• SDK version
• Manufacturer
• Bluetooth name
• Time and date when app was first installed
• Presence of Softbank/Docomo/Au app

Durante la instalación, solicita los siguientes permisos:

• android.permission.INTERNET
• android.permission.RECEIVE_BOOT_COMPLETED
• android.permission.READ_PHONE_STATE
• android.permission.ACCESS_NETWORK_STATE
• android.permission.ACCESS_WIFI_STATE
• android.permission.READ_SMS
• android.permission.BOOT_COMPLETED
• android.permission.WRITE_EXTERNAL_STORAGE
• android.permission.WRITE_EXTERNAL_STORAGE
• android.permission.MOUNT_UNMOUNT_FILESYSTEMS
• android.permission.MODIFY_AUDIO_SETTINGS
• android.permission.SYSTEM_ALERT_WINDOW
• android.permission.RECEIVE_SMS
• android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
• android.permission.READ_CONTACTS
• android.permission.CHANGE_WIFI_STATE
• android.permission.READ_EXTERNAL_STORAGE

También tiene la capacidad de:

• Lock screen and reset the password as 778877
• Apply for device admin privilege
• Parse contact information and upload
• Get indicated SMS & MMS messages and upload
• Uninstall detected legitimate banking app and replaced with malicious, fake app
• Control mute and ringing settings
• Delete files
• Hide icon