AnalysisAndroid/NickiSpy.C!tr.spy is a variant of Android/NickiSpy.A!tr.spy. The differences with variant A are the following:
- it displays an icon in the Application Launcher, but the malware is named "Android System Message", a name that will probably have the victim believe this is a genuine system application.
- the attacker may view the results from a website front-end on [REMOVED]mo.com
- the malware has a settings panel with several options
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.