Home » Alerts » Android.AVPasser.A a new Android Malware Detected

A new version of mobile malware that affects Android based smart devices has been detected by the BullGuard Labs. An amazing feature of this malware is that it identifies certain mobile security applications on the device and alters their databases in order to stop detection.

BullGuard Detection: Android.AVPasser.A

Like all other types of Android malware, this version too has the skills to modify particular system files and steal secret data and information, and then distribute the same to remote servers/devices.

Full Analysis of the Malware

Once the Android.AVPasser.A infection reaches an Android device, it forms several icons in the Application Tray of the device. The below shown icons that are created by the malware.

ZnJvbT1jc2RuJnVybD0zTVRPeFFETzFZVE0zSVRNd1FUTXdJekwwVm1idTRHWnpObUxuOUdiaTV5WnRsMkx2b0RjMFJIYQ 002

If the user tabs on any of these icon shortcuts, the icons deletes from the Application Tray. But, upon viewing the Active Applications Window one can still view the SystemService.class running in the background. This can be viewed in the screenshot.

What this Malware does in PC?

Once installed in the system, this malware has the skills of stealing the following information from the compromised gadget:

  • Videos recorded by the front and rear cameras
  • Images
  • Contact Numbers
  • SMS messages
  • Call history
  • GPS location and history of the device

Device particular data like as:

  • IMEI (International Mobile Station Equipment Identity)
  • Build version
  • IMSI (International Mobile Subscriber Identity)
  • Device ID
  • MDN (Mobile Directory Number)

As well as, the application also gains access over the network activity and explores an infected URL.

Other Tasks of the Malware:

1.) Once it reaches an Android gadget, the malware looks for the survival of a config.txt file at a preset place on the machine. If found, the malware erases the file and create an infected file of its own.

2.) The malware distributes the information that it gathers in the following situations:

  • When any message is received by the gadget.
  • When any media connection is established or blocked.
  • When the device screen switch ON or OFF.

3.) The malware calls CameraPicService from the SystemService.class and then executes a series at an interval of 2 minutes to verify the number of cameras connected to the gadget.

4.) Lastly, the malware gathers and analyzes all the software that is installed on the infected device and matches them to check if any of them is a mobile security application. Once an application is confirmed to be a mobile security application, the malware alters the database of the safety application in order to avoid detection.

BullGuard Total Security for Android devices and BullGuard Mobile Security actively offer Android malware recognition and Android malware elimination as soon as this malware reaches the device. Experts strongly suggest that you install the latest updated versions of either of these applications to make sure proper protection against this malware and other related infections.

The best part of this Antivirus is it’s after sale service; user can dial toll-free number of BullGuard Technical Support for any help. The technicians are always available to fix the customer issues by taking the remote access of the device. The technicians will take the remote access of the device to fix all problems associated with it. Only experienced technicians are hired, those are certified by the Microsoft.