Android.RoidSec has the package name “cn.phoneSync”, but an application name of “wifi signal Fix”. From a ‘Malware 101’ standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case. So what is Android.RoidSec? It’s a nasty, malicious app that sits in the background (and avoids installing any launcher icon) while collecting all sorts of info-stealing goodness.
Just look at this list of descriptive function names:
SendSmsMes – Sends SMS messages
acquireWakeLock – Forces the phone to stay on
getCallLogs – Collect call log
getContactInfo – Collect contacts
getInstalledApp – Collect installed apps
getPhoneLocation – Collect GPS location
getRomMemory – Collect memory size available on phone memory
getSDCardMemory – Collect SD memory size available
getSdcardDir – List all files on SD with timestamps
getSmsMessagesin – Collect incoming SMS messages
getSmsMessagesout – Collect outgoing SMS messages
getTasksInfo – List of apps currently running
getTotalMemory – Collect total amount of RAM
getWiFiStatus – Status of WiFi being on or off
getromDir – List all files on phone memory with timestamps
killFile – Deletes files on SD card
All collected information is sent off to a remote site. That’s a lot of information for a phone sync, wifi signal fix, or any app for that matter, to collect. The solution? Protect yourself from these info-stealing apps with Webroot SecureAnywhere Mobile and you won’t have to worry about your mobile identity being sent off to the bad guys.
