Trojan:Android/Gidix.A appears to be a system settings manager application; while active however the app uploads sensitive data from the device to a remote server. It also silently sends SMS messages and monitors incoming calls and SMS messages.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Trojan:Android/Gidix.A is distributed in the guise of a system settings manager app named adv Services. As part of the installation process, the app requests for device administrator access that can allow it to forcefully lock the device:
Trojan:Android/Gidix.A requesting device administrator access
Once installed, the app silently sends SMS messages. To disguise this activity, it also listens to incoming SMS messages and phones calls and checks their origin for the prefix +82 or 010 (possibly indicating this app was targeted to South Korean users); the app clears the call log of any matching messages or numbers.
In addition, the app silently sends the following information from the device to a remote server:
To protect itself, the app uses APKProtection obfuscation; it also contains code related to encryption and communication in a native library.