Monitoring-Tool:Android/AndroidAgent.A

Classification

Category: Malware

Type: Monitoring-Tool

Platform: Android

Summary

AndroidAgent.A is a monitoring tool that silently records phone calls and checks for incoming SMS messages.

Removal

Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

AndroidAgent.A is a tool that monitors phone calls and SMS messages on the compromised device.

During installation, it requests a number of permissions that allow it to access contact data, SMS messages, location and the Internet on the affected device. Once installed, it hides its presence by not placing any significant icon on the home screen.

[Image: Permissions requested by AndroidAgent.A]

AndroidAgent.A silently records all incoming and outgoing calls, and checks for specific incoming SMS messages. The content found at the beginning of these messages determines which action is carried out next:

  • 0#: Master Number. Store the sender's number as Administrator.
  • 99#: Register Shareware. Use the number to register shareware.
  • 9#: Send an SMS message containing IMEI and SIM serial number to the Master Number.
  • 18#: Store the string after '#' as 'UserName,' and use it for uploading recorded files in http://[...]loongware.com/[...]/upload.php.
  • 10#: Start 'MyPeopleService' that sends SMS messages containing contact details from the phone book to the Master Number.
  • 8#: Start 'MyLocationService' that sends the location of the device.
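
For responders reviewing an exported SMS log from a suspect device, the following added example (not F-Secure's code and not taken from the sample) flags inbound messages that begin with one of the command prefixes listed above, records which sender issued 0#, and marks later outbound messages to that number. The direction|peer|body log format, the phone numbers and the message bodies are constructed for illustration.

```python
import re

# Command prefixes exactly as listed in the description above.
COMMANDS = {
    "0#": "set Master Number (sender stored as Administrator)",
    "99#": "register shareware",
    "9#": "send IMEI and SIM serial number to Master Number",
    "18#": "set UserName used for uploads",
    "10#": "start MyPeopleService (contacts to Master Number)",
    "8#": "start MyLocationService (device location)",
}
# Anchored at the start of the body, since the description says the command
# is found at the beginning of the message. "9#" inside ordinary text is ignored.
PREFIX_RE = re.compile(r"^(\d{1,2}#)(.*)$", re.DOTALL)

# Constructed sample export, one message per line: direction|peer|body
SAMPLE_LOG = """\
in|+15550100|0#
in|+15550123|Lunch at 12? Room 9# on the 2nd floor
in|+15550100|18#example_user
in|+15550100|9#
out|+15550100|constructed-reply-body
in|+15550199|10#
in|+15550100|7#not a listed command
"""

def triage(log_text):
    """Return (findings, master_numbers) for a direction|peer|body export."""
    findings, masters = [], set()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split("|", 2)  # body may itself contain '|'
        if len(parts) != 3:
            continue  # malformed row: skip rather than guess
        direction, peer, body = parts
        if direction == "in":
            m = PREFIX_RE.match(body)
            if m and m.group(1) in COMMANDS:
                prefix, arg = m.group(1), m.group(2)
                if prefix == "0#":
                    masters.add(peer)  # this sender is now the Master Number
                findings.append((lineno, "command", peer, prefix, arg))
        elif direction == "out" and peer in masters:
            # Outbound SMS to a number that earlier sent 0#: review as a
            # possible reply carrying device or contact data.
            findings.append((lineno, "reply-to-master", peer, None, body))
    return findings, masters
```

Each finding is a tuple of line number, kind, peer number, prefix and the text after the prefix, so a 18# hit also yields the UserName string to search for in network logs.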

While apps with such behavior may be legitimately used by the device's authorized user, they are classified by security programs as riskware because in the hands of unauthorized users, they can also be used to cause damage to the user's data or the device.

If you are confident that you are aware of the risks involved in using the program and consent to its use, you may choose to keep it installed on your device.