| Malware family | Detection rules | Suspicious functions |
| --- | --- | --- |
| FakePlayer | IF (SEND_SMS) && (CALL_sendTextMessage() with preset numbers) THEN Malware | sendTextMessage(7132, null, 846976, null, null) |
| SMSReplicator | IF (SEND_SMS) && (CALL_sendTextMessage() with preset numbers) THEN Malware | sendTextMessage(1245, null, {From: 123456789 Hi how are you}, null, null) |
| iMatch | IF Not (ACCESS_FINE_LOCATION) && IF (SEND_SMS) THEN Malware | requestLocationUpdates(); sendTextMessage() |
| DroidKungFu1 | IF (INTERNET) && IF Not (ACCESS_FINE_LOCATION) ∥ IF (READ_PHONE_STATE) && IF (INTERNET) THEN Malware | getLatitude(); getLongitude(); getDeviceId(); getLine1Number(); getImei() |
| DroidKungFu4 | IF (INTERNET) && IF (READ_PHONE_STATE) THEN Malware | getDeviceId(); getLine1Number(); getSimSerial(); getImei() |
| GoldDream (Purman) | IF (READ_PHONE_STATE) && IF Not (SEND_SMS) ∥ IF Not (READ_PHONE_STATE) && IF (INTERNET) THEN Malware | getDeviceId(); getLine1Number(); getSimSerial(); sendTextMessage(); getImei() |
| GoldDream (Dizz) | IF (READ_PHONE_STATE) && IF Not (SEND_SMS) ∥ IF Not (ACCESS_FINE_LOCATION) && IF (INTERNET) THEN Malware | getDeviceId(); getLine1Number(); getSimSerial(); sendTextMessage(); requestLocationUpdates(); getImei() |
| GGTracker | IF (READ_PHONE_STATE) && Not (SEND_SMS) ∥ IF Not (ACCESS_FINE_LOCATION) && IF (INTERNET) THEN Malware | getDeviceId(); getLine1Number(); getSimSerial(); sendTextMessage(); requestLocationUpdates(); getImei() |