Android/Flexispy.A!tr
Analysis
Android/Flexispy.A!tr is a commercial trojan spyware which targets Android mobile phones. It also exists for various other mobile operating systems, such as Symbian (SymbOS/Flexispy.A!tr.spy).
According to the vendor's website, it can:
- Intercept and listen to live phone calls
- Open the microphone and listen to the phone's surroundings
- View all Pictures, Video and Audio stored on the Android phone
- Spy on all the most popular Instant Messengers such as Facebook, LINE, WhatsApp, Viber, Skype, WeChat & BBM
- Remotely control the phone's camera to take pictures
- View web history, bookmarks, address books and calendars
- Capture phone passcode and passwords to device apps and EMail accounts (Facebook, Skype, GMail, Outlook, etc.)
- Receive alerts when keywords appear in messages
- Receive alerts when the phone enters prohibited areas
- Retrieve hardware and OS information about the phone (model, product, OS version...)
- Retrieve the phone's IMEI
- Retrieve the subscriber identifier (IMSI)
- Retrieve the name of the phone's network operator
- Tamper with the system logs (read or erase them)
- Retrieve the phone number of outgoing calls
- Process incoming SMS messages
- Send SMS messages
- Retrieve the phone's geographical location
Technical Details
The malware connects to the Internet and posts data over HTTP to remote servers.
The malware shows the following potential capabilities:
- It attempts to use some features without holding the permissions they require.
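The capability list above maps closely onto a small set of Android runtime permissions (call log and phone state, microphone, SMS, location, system logs), so a defender triaging an unknown APK can compare its declared permission profile against that list. The following script is an added example written for this entry; it is not Fortinet's detection logic and not code from the sample. The AndroidManifest.xml it parses is constructed for the demonstration, and the permission-to-capability mapping, the `triage()` threshold and all function names are this example's own assumptions, chosen to illustrate the technique rather than to serve as a signature.

```python
"""Permission-profile triage for the capability classes listed above.

Added example, not Fortinet's or the spyware vendor's code. It parses a
constructed AndroidManifest.xml and maps the declared permissions to the
capability classes the encyclopedia entry describes (call interception,
microphone, SMS, location, identifiers, logs, contacts, camera). The
mapping, class names and threshold are this example's own assumptions.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Capability classes from the entry above, mapped to the Android permissions
# an app needs to implement them (assumed mapping for triage, not a signature).
CAPABILITY_PERMISSIONS = {
    "call_interception": {"android.permission.READ_CALL_LOG",
                          "android.permission.PROCESS_OUTGOING_CALLS",
                          "android.permission.READ_PHONE_STATE"},
    "ambient_audio": {"android.permission.RECORD_AUDIO"},
    "sms_access": {"android.permission.READ_SMS",
                   "android.permission.RECEIVE_SMS",
                   "android.permission.SEND_SMS"},
    "location_tracking": {"android.permission.ACCESS_FINE_LOCATION",
                          "android.permission.ACCESS_COARSE_LOCATION"},
    "device_identifiers": {"android.permission.READ_PHONE_STATE"},
    "log_access": {"android.permission.READ_LOGS"},
    "contacts_calendar": {"android.permission.READ_CONTACTS",
                          "android.permission.READ_CALENDAR"},
    "camera": {"android.permission.CAMERA"},
    "network_upload": {"android.permission.INTERNET"},
}

# Constructed manifest for demonstration only; this is not the sample's
# actual manifest and the package name is a placeholder.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_LOGS"/>
    <application android:label="Sync Service"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        elem.attrib.get(f"{{{ANDROID_NS}}}name", "")
        for elem in root.iter("uses-permission")
    }


def capability_profile(permissions):
    """Map declared permissions to the capability classes they enable."""
    return {
        cap: sorted(perms & permissions)
        for cap, perms in CAPABILITY_PERMISSIONS.items()
        if perms & permissions
    }


def triage(manifest_xml, threshold=4):
    """Flag a manifest whose permissions cover at least `threshold`
    surveillance-type capability classes together with network access.
    Returns (flagged, profile). The threshold is an assumed triage cut-off."""
    perms = declared_permissions(manifest_xml)
    profile = capability_profile(perms)
    surveillance = {cap for cap in profile if cap != "network_upload"}
    flagged = "network_upload" in profile and len(surveillance) >= threshold
    return flagged, profile


if __name__ == "__main__":
    flagged, profile = triage(SAMPLE_MANIFEST)
    print("flagged:", flagged)
    for cap, perms in sorted(profile.items()):
        print(f"  {cap}: {', '.join(perms)}")
```

The check is deliberately coarse: a dialer or messaging app legitimately holds several of these permissions, so a hit is a reason to look at the APK's code and network behaviour, not a verdict on its own. The last item in the Technical Details above (use of features without the matching permission) is the complementary case this manifest-only check cannot see; that requires dynamic analysis of the running app.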
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product | Detection Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |