

Trojan:Android/Gidix.A


Aliases:


Gidix
KRSMS-A, MisoSMS-B

Malware
Trojan
Android

Summary

Trojan:Android/Gidix.A appears to be a system settings manager application. While active, however, the app uploads sensitive data from the device to a remote server. It also silently sends SMS messages and monitors incoming calls and SMS messages.



Disinfection & Removal

F-Secure's Mobile Security product blocks installation of this program with default settings.



Technical Details

Trojan:Android/Gidix.A is distributed in the guise of a system settings manager app named adv Services. As part of the installation process, the app requests device administrator access, which can allow it to forcibly lock the device:

Trojan:Android/Gidix.A requesting device administrator access

Once installed, the app silently sends SMS messages. To disguise this activity, it also listens to incoming SMS messages and phone calls and checks their origin for the prefix +82 or 010 (possibly indicating that this app was targeted at South Korean users); the app clears the call log of any matching messages or numbers.

In addition, the app silently sends the following information from the device to a remote server:

  • Recorded phone calls
  • SMS messages
  • Phone number
  • Network names

To protect itself, the app uses APKProtection obfuscation; it also contains code related to encryption and communication in a native library.
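
A static triage check for the behaviours listed above, as an added example that is not part of the original description or of F-Secure's detection logic. It assumes the APK's manifest has already been decoded to text XML; the behaviour-to-permission mapping, the constructed manifest and the names `triage` and `is_suspicious` are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping from the behaviours described above to the standard Android
# permissions an app normally declares for them (not taken from the sample).
BEHAVIOUR_PERMS = {
    "sends SMS": P + "SEND_SMS",
    "monitors incoming SMS": P + "RECEIVE_SMS",
    "monitors incoming calls": P + "READ_PHONE_STATE",
    "edits call log": P + "WRITE_CALL_LOG",
    "records audio": P + "RECORD_AUDIO",
}
ADMIN = "requests device administrator"

# Constructed manifest for illustration; package and class names are made up.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return the described behaviours that the manifest makes possible."""
    root = ET.fromstring(manifest_xml)
    declared = {e.get(NS + "name") for e in root.iter("uses-permission")}
    findings = [b for b, perm in BEHAVIOUR_PERMS.items() if perm in declared]
    for rcv in root.iter("receiver"):
        actions = {a.get(NS + "name") for a in rcv.iter("action")}
        if (rcv.get(NS + "permission") == P + "BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings.append(ADMIN)
    return findings

def is_suspicious(findings):
    """Flag device admin combined with silent SMS and call-log editing."""
    return {ADMIN, "sends SMS", "edits call log"} <= set(findings)
```

A match only says the manifest permits this combination of behaviours; many legitimate apps hold some of these permissions, so treat the result as a prompt for closer analysis rather than a verdict.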






