Trojan:Android/Gidix.A appears to be a system settings manager application; while active however the app uploads sensitive data from the device to a remote server. It also silently sends SMS messages and monitors incoming calls and SMS messages.
F-Secure's Mobile Security product automatically blocks installation of this program.
Trojan:Android/Gidix.A is distributed in the guise of a system settings manager app named adv Services. As part of the installation process, the app requests for device administrator access that can allow it to forcefully lock the device:Trojan:Android/Gidix.A requesting device administrator access
Once installed, the app silently sends SMS messages. To disguise this activity, it also listens to incoming SMS messages and phones calls and checks their origin for the prefix +82 or 010 (possibly indicating this app was targeted to South Korean users); the app clears the call log of any matching messages or numbers.
In addition, the app silently sends the following information from the device to a remote server:
- Recorded phone calls
- SMS messages
- Phone number
- Network names
To protect itself, the app uses APKProtection obfuscation; it also contains code related to encryption and communication in a native library.