While reverse-engineering this trojan I realized it's a new of can of worms for mobile devices. There have long been malicious downloaders on PCs, but I believe this is the first to be discovered for mobile devices.
The website from which this software was downloading additional components is offline. Analyzing this trojan without all of the downloaded parts from its server is a bit like completing a puzzle without all of the pieces. You have to determine the "shape" of the missing pieces by visualizing the empty spaces and by filling in the gaps.
So I'm still spending some time reading through the code and there are pieces that raise my interest. One of which you can see in the image below, and nobody else is mentioning as of yet —SMS.
If there is more to tell I'll be back with it next week.
