Mobile Virus

Android/NickiSpy.C!tr.spy

Analysis

Android/NickiSpy.C!tr.spy is a variant of Android/NickiSpy.A!tr.spy. The differences with variant A are the following:

  • it displays an icon in the Application Launcher, but the malware is named "Android System Message", a name that will probably have the victim believe this is a genuine system application.
  • the attacker may view the results from a website front-end on [REMOVED]mo.com
  • the malware has a settings panel with several options


.

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.