virus logo Mobile Virus

Android/Actehc.A!tr.spy

description-logoAnalysis

Android/Actehc.A!tr.spy is a trojan targetting Android mobile phones.
It sends the device's information to an HTTP server.

Technical Details


The trojan installs a service called StatService.
The service checks whether it has already sent data, and if not, will try to retrieve the following information:
  • Device IMEI
  • Subscriber ID
  • Phone number
  • SIM card serial number
  • Network Operator
It then sends the information to an HTTP server at:
  • http://stat.auctech.com/[REMOVED]
The HTTP request also contains information about the trojan version (here it is 1.0.0).

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2019-04-03 67.53000
2019-03-27 67.36200
2018-11-07 64.00500
ID 3430757
Released Jan 12, 2012
Description
Updated		 Jan 13, 2012
Aliases Kaspersky: Trojan-Spy.AndroidOS.Actehc.a
Platform Profile Android platform
Profile Type Trojan Spy (tr.spy)