Riskware:Android/Fidall.A

Classification

Riskware

Riskware

Android iOS

Fidall.A

Summary

Fidall.A searches for contact details from the user's contact list, and synches the information with a remote server.

Removal

Automatic action

Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Distributed under the name Find and Call, this program first requests the user to register by providing their email address. It then searches for emails, addresses, and phone numbers from the user's contact list. This information is then synched with a remote server. Once synched, the server will send an SMS message containing a link to download the application to the contacts, which is essentially a spam. The SMS messages reportedly contain the user's phone number in the 'From' field.

Fidall.A's icon and request for the user to provide an email address

Another issue concerning Fidall.A is that the data transmitted between the device and the remote server is in plain text, which easily exposes the content if intercepted by another party.

The application is also fully capable of synching with the contacts from the user's email, Facebook, and Skype accounts. The application's website also reportedly allows user to enter their social network and online payment merchant details.

At the time of writing, both the Apple App Store and Google Play have removed the application. This incident marks the first time the Apple App Store has had to remove a trojan from its market.

Date Created: 2012-11-26 00:00:00.0

Date Last Modified: 2012-11-26 00:00:00.0