Threat Description

Trojan:Android/Gidix.A

Details

Aliases: Gidix, KRSMS-A, MisoSMS-B
Category: Malware
Type: Trojan
Platform: Android

Summary



Trojan:Android/Gidix.A appears to be a system settings manager application; while active, however, the app uploads sensitive data from the device to a remote server. It also silently sends SMS messages and monitors incoming calls and SMS messages.



Removal



F-Secure's Mobile Security product automatically blocks installation of this program.



Technical Details



Trojan:Android/Gidix.A is distributed in the guise of a system settings manager app named adv Services. As part of the installation process, the app requests device administrator access, which can allow it to forcefully lock the device:

[Image: Trojan:Android/Gidix.A requesting device administrator access]

Once installed, the app silently sends SMS messages. To disguise this activity, it also listens for incoming SMS messages and phone calls and checks their origin for the prefix +82 or 010 (possibly indicating that the app was targeted at South Korean users); the app clears the call log of any matching messages or numbers.

In addition, the app silently sends the following information from the device to a remote server:

  • Recorded phone calls
  • SMS messages
  • Phone number
  • Network names

To protect itself, the app uses APKProtection obfuscation; it also contains code related to encryption and communication in a native library.
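
The behaviour described above implies a recognisable combination of manifest entries: device administrator rights together with SMS sending and call/SMS monitoring. The triage script below is an added example, not part of the original analysis; the mapping from behaviours to standard Android permissions, the function names and the sample manifests are assumptions constructed for illustration, and it expects an AndroidManifest.xml already decoded to text XML.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Behaviours named in the description -> standard Android permissions that enable
# them. This mapping is an assumption of the example, not part of the analysis.
BEHAVIOUR_PERMS = {
    "sends SMS": {"android.permission.SEND_SMS"},
    "reads incoming SMS": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "watches calls": {"android.permission.READ_PHONE_STATE"},
    "records audio": {"android.permission.RECORD_AUDIO"},
    "may edit call log": {"android.permission.WRITE_CALL_LOG",
                          "android.permission.WRITE_CONTACTS"},  # pre-API 16 path
}

def triage_manifest(manifest_xml):
    """Return (findings, flagged) for a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    findings = [b for b, perms in BEHAVIOUR_PERMS.items() if perms & requested]
    for rcv in root.iter("receiver"):
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        if (rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings.append("device administrator")
    # Flag only the combination: admin rights plus silent SMS plus monitoring.
    flagged = ("device administrator" in findings and "sends SMS" in findings
               and bool({"reads incoming SMS", "watches calls"} & set(findings)))
    return findings, flagged

def _manifest(perms, admin):  # builds a constructed sample manifest
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in perms)
    rcv = ('<receiver android:name=".Admin" '
           'android:permission="android.permission.BIND_DEVICE_ADMIN"><intent-filter>'
           '<action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>'
           '</intent-filter></receiver>') if admin else ""
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.constructed">%s<application>%s</application>'
            '</manifest>' % (uses, rcv))

# Constructed samples: one matching the described profile, one ordinary SMS app.
SUSPECT = _manifest(["SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE",
                     "RECORD_AUDIO", "WRITE_CALL_LOG"], admin=True)
ORDINARY = _manifest(["SEND_SMS", "RECEIVE_SMS"], admin=False)

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("ordinary", ORDINARY)):
        print(name, triage_manifest(xml))
```

Each finding on its own is common in legitimate apps; only the combination is flagged, and a flag is a prompt for closer analysis rather than a verdict.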





