Android.RoidSec has the package name “cn.phoneSync”, but an application name of “wifi signal Fix”. From a ‘Malware 101’ standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case. So what is Android.RoidSec? It’s a nasty, malicious app that sits in the background (and avoids installing any launcher icon) while collecting all sorts of info-stealing goodness.

Screenshot1 Screenshot2

Just look at this list of descriptive function names:

SendSmsMes – Sends SMS messages
acquireWakeLock – Forces the phone to stay on
getCallLogs – Collect call log
getContactInfo – Collect contacts
getInstalledApp – Collect installed apps
getPhoneLocation – Collect GPS location
getRomMemory – Collect memory size available on phone memory
getSDCardMemory – Collect SD memory size available
getSdcardDir – List all files on SD with timestamps
getSmsMessagesin – Collect incoming SMS messages
getSmsMessagesout – Collect outgoing SMS messages
getTasksInfo – List of apps currently running
getTotalMemory – Collect total amount of RAM
getWiFiStatus – Status of WiFi being on or off
getromDir – List all files on phone memory with timestamps
killFile – Deletes files on SD card

All collected information is sent off to a remote site. That’s a lot of information for a phone sync, wifi signal fix, or any app for that matter, to collect. The solution? Protect yourself from these info-stealing apps with Webroot SecureAnywhere Mobile and you won’t have to worry about your mobile identity being sent off to the bad guys.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This