QdPlugin.A sends out device information to remote servers, and receives commands from the servers, which may instruct it to carry out certain activities.
QdPlugin.A is repackaged into another legitimate application before being distributed to potential victims. Once installed and activated on a device, the malware will send out device information such as IMEI number and IMSI number to remote servers.
It also receives commands from the servers, which may instruct it to carry out actions such as installing and removing packages. The command and control servers' URLs are stored and encoded with a symple byte shift algorithm within the embedded malicious APK.
Date Created: 2013-03-06 00:00:00.0
Date Last Modified: 2013-03-06 00:00:00.0