If your smartphone or tablet has an application with a “gray face biting a pink SIM card”, unfortunately you are infected by a Trojan. This is a new virus named as Simhosy, designed to steal information from your phone or tablet (including those stored on the SD card) and send the data to a server via internet. Besides, this dangerous Trojan is able to intercept SMS messages sent and received, as well as phone calls, being a danger certainly your privacy and security. Till now, the virus is found only in Android smartphone and tablets.
How to Spread the Trojan Simhosy is through one of your contacts have previously been infected, or through networking downloads or P2P file sharing. Lacking the characteristic of self-propagating, it is necessary some of the means listed above to infect other devices.
This “friendly” virus showing on the screen of your smartphone or tablet an icon with a face biting a SIM card, comes to our devices as an application to manage our contacts (cn.hosy.simkawang), requiring user intervention (installation of) to infect the system (used social engineering techniques to trick users).
How to remove this Trojan from your smartphone?
To sanitize our system we have to go to the Android menu, select Settings and then Applications. Once we are in this menu and if you have Android 4.0 or earlier installed, go to Manage Applications and you should select the application and uninstall it. For higher versions have 4 on our smartphone or tablet applications and select All from the list that appears we have to select the application icon and proceed with removal.
Technical Details
- Threat level: 2 – Low
- Dissemination: Low
- Damage: Low
- Dispersibility: Low
- Full name of the virus: Trojan.Android / Simhosy @ Other
- Code Type: Trojan Horse: A program that seems beneficial or useful but turns out to be malicious at some point. It is not spread by itself.
- Platforms affected: Android INP Platform Independent
- File involved: Simhosy (2) Simhosy (1)
- Permanent residence Capacity: No. It has no ability to run automatically each reboot.
- Alias: Android. Simhosy (Symantec) Andr / Simhosy-A (Sophos)
- Self-propagating capacity: No
Lacks own spreading routine. You can reach the system in the following ways:
Other propagation mechanism
We can reach a contact (who is already infected)
Downloaded from a file-sharing program (P2P).
Symptoms An application displays an icon that is a gray face biting a pink SIM [[image: 11062013135341_Simhosy.png]]
When Simhosy runs, it performs the following actions:
-Other shares
-Infection method
-This Trojan arrives as contact management application. This package must be installed by the user (usually will use social engineering techniques to ‘convince’ the user.
Other details
The permissions that are granted to this application to be installed are:
- Accessing and changing the state of Wi-Fi
- Access information about networks
- Check the phone’s current state
- Initiate a call without using the graphical interface or require user confirmation
- Monitor and read the SMS from the device
- Mounting and un-mounting file systems for external storage (SD memory access)
- Open Network Connections
- Read and write contact data
- Write to external storage devices
The consequences of giving these permissions to an application can be very important, as it could establish communications: phone calls, read SMS messages could also connect Wi-Fi or other network connections to send the stolen data to a server Internet.
Given that some banks use SMS as operations validation codes, an application to be able to read the SMS and also can send data without the user’s knowledge, can be risky.
