Android.RoidSec: This app is an info stealing “sync-hole”!


Android.RoidSec has the package name “cn.phoneSync”, but an application name of “wifi signal Fix”. From a ‘Malware 101′ standpoint, you would think the creators would have a descriptive package name that matches the application name. Not so, in this case. So what is Android.RoidSec? It’s a nasty, malicious app that sits in the background (and avoids installing any launcher icon) while collecting all sorts of info-stealing goodness.

Screenshot1 Screenshot2

Just look at this list of descriptive function names:

SendSmsMes – Sends SMS messages
acquireWakeLock – Forces the phone to stay on
getCallLogs – Collect call log
getContactInfo – Collect contacts
getInstalledApp – Collect installed apps
getPhoneLocation – Collect GPS location
getRomMemory – Collect memory size available on phone memory
getSDCardMemory – Collect SD memory size available
getSdcardDir – List all files on SD with timestamps
getSmsMessagesin – Collect incoming SMS messages
getSmsMessagesout – Collect outgoing SMS messages
getTasksInfo – List of apps currently running
getTotalMemory – Collect total amount of RAM
getWiFiStatus – Status of WiFi being on or off
getromDir – List all files on phone memory with timestamps
killFile – Deletes files on SD card

All collected information is sent off to a remote site. That’s a lot of information for a phone sync, wifi signal fix, or any app for that matter, to collect. The solution? Protect yourself from these info-stealing apps with Webroot SecureAnywhere Mobile and you won’t have to worry about your mobile identity being sent off to the bad guys.


About the Author

Name: Nathan Collier

Nathan was a Senior Threat Research Analyst for Webroot, having been with the company since October 2009.  He started has career working on PC malware, but now spends most of his time in the mobile landscape researching malware on Android devices.  Because of his early adaptation to mobile security, Nathan has seen the exponential growth of mobile malware and is highly experienced in protecting Webroot customers from mobile threats. He also enjoys frequently traveling with his flight attendant wife, Megan, and is a competitive endurance mountain bike racer in Colorado.



  1. […] Go here to read the rest: Android.RoidSec: This app is an info stealing “sync-hole”! | Webroot … […]