February 17, 2012 By Nathan Collier

An Evolution of Android Malware “My How You’ve Grown PJAPPS!” (Part 1)

We’ve all seen software grow.  We watch as our favorite software adds on new features and becomes better at what it does.  Malware writers are no different, they want their software to have more features as well as steal even more information. PJApps is a good example of this. PJApps is a Trojan that’s been around for a while causing havoc by being bundled in legitimate applications found in alternative Android markets, it is capable of opening a backdoor, stealing data and blocking sms behind the scenes.  In one variant of PJApps it requests the following permissions to steal information:

INTERNET
RECEIVE_SMS
SEND_SMS
READ_HISTORY_BOOKMARKS
WRITE_HISTORY_BOOKMARKS
INSTALL_PACKAGES
WRITE_EXTERNAL_STORAGE
READ_PHONE_STATE

Here’s some of things the older variants of PJApps stole:

-SIM Card Number
-Telephone Number
-IMSI Number

 

 

 

PJApps has grown quite a bit since its first variants.  Here’s a list of all the fun stuff it has access to now:

ACCESS_CACHE_FILESYSTEM
ACCESS_COARSE_LOCATION
ACCESS_DOWNLOAD_MANAGER
ACCESS_DOWNLOAD_MANAGER_ADVANCED
ACCESS_DRM
ACCESS_FINE_LOCATION
ACCESS_NETWORK_STATE
ACCESS_WIFI_STATE
CHANGE_NETWORK_STATE
INSTALL_DRM
READ_LOGS
READ_SMS
RECEIVE_WAP_PUSH
SEND_DOWNLOAD_COMPLETED_INTENTS
VIBRATE
WRITE_APN_SETTINGS
WRITE_CALENDAR
WRITE_CONTACTS
WRITE_OWNER_DATA
WRITE_SETTINGS
WRITE_SMSWRITE_SYNC_SETTINGS

In this variant,  PJApps pretends to be SyncMyPix package name com.nloko.android.syncmypix, an app used to automatically update your contacts with your Facebook friend’s photos… which this malicious app will do plus some extra nasty stuff in the background.  Here’s a list of some of the stuff it does that the first variant didn’t:

-Tracks the time and location of where you are:

– Obvious sign of downloading and installing an apk in the background

It also can:
-Reads logs
-Write to Calendar
-Write to Contacts

Quite a few more features than other versions of PJApps.  Really have to wonder why a picture sync app would track your location and block incoming SMS, another reminder to choose your apps wisely and download from a trusted source. Check reviews, research and verify permissions requested before installing and on updates to apps.

Share Button
true