Android Security Suite Premium is a Trojan horse that disguises itself as an antivirus program in order to mislead users. This Trojan may perform harmful actions once installed on the device. The threat may also gather sensitive information and send it to a remote attacker. It may monitor device activity and steal SMS messages that arrive on the infected unit.
When this Trojan is installed, it may request permission to carry out the following actions:
– Retrieve information about network and WiFi connection.
– Add itself as a system service on the device.
– Modify the present configuration.
– Alter current network connection setup.
– Permit access to low-level power management.
– Open a network connection.
– Monitor, change, and end outgoing calls.
– Vibrate the phone on selected activities.
– Read or write to the system settings.
– Create and send SMS messages.
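As a defensive triage aid, the following added example (not part of the original write-up) checks a decoded `AndroidManifest.xml` for the permission requests listed above. The mapping from the listed actions to Android permission constants, the `triage` helper, and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the write-up's wording to Android permission constants.
# "Add itself as a system service" is left out: the wording does not identify
# a single permission.
LISTED = {
    P + "ACCESS_NETWORK_STATE": "retrieve network information",
    P + "ACCESS_WIFI_STATE": "retrieve WiFi information",
    P + "CHANGE_CONFIGURATION": "modify the present configuration",
    P + "CHANGE_NETWORK_STATE": "alter network connection setup",
    P + "DEVICE_POWER": "low-level power management",
    P + "INTERNET": "open a network connection",
    P + "PROCESS_OUTGOING_CALLS": "monitor, change, end outgoing calls",
    P + "VIBRATE": "vibrate the phone",
    P + "WRITE_SETTINGS": "read or write system settings",
    P + "SEND_SMS": "create and send SMS messages",
}
# Triage assumption: these two requests warrant manual review of the app.
HIGH_RISK = {P + "SEND_SMS", P + "PROCESS_OUTGOING_CALLS"}

# Constructed sample manifest (placeholder package name, not the real sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def triage(manifest_xml):
    """Match declared permissions against the listed set and flag for review."""
    perms = requested_permissions(manifest_xml)
    matched = {p: LISTED[p] for p in sorted(perms & set(LISTED))}
    return {"matched": matched,
            "unlisted": sorted(perms - set(LISTED)),
            "review": HIGH_RISK <= perms}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

The input must be the text form of the manifest, as produced by an APK decoding tool; the binary XML stored inside the APK will not parse.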
Once the user runs Android Security Suite Premium, it displays an “Activation Code,” which the Trojan obtains from the device ID of the infected unit. Below is a screenshot of the Trojan when installed.
The threat may monitor incoming SMS messages and copy them to a remote location. It may also notify a remote attacker about the presence of the Trojan.
The remote attacker may then send commands to the infected unit to perform the following tasks:
– Disable or enable the program.
– Remove the program from the system.
– Transmit system information to the remote attacker, including device make and model, OS version, and the installed version of the Trojan.
Damage Level: Low
Systems Affected: Android
This Trojan arrives on a system as a file downloaded from third-party websites. It is an Android package file with the following details:
Name: Android Security Suite Premium