Riskware/Biige!Android

Analysis

Riskware/Biige!Android is a piece of malware targeting Android mobile phones.
The application is used to spy on a victim's phone by monitoring SMS messages, outgoing calls, location information, etc. The collected information is sent to the application's website. It also provides an 'Uninstallation Protection' feature that sends an SMS message from the phone to a user-defined number each time an attempt is made to uninstall the application.

Technical Details


The main application is called "PhoneBeagle Recorder" or "BiiGe Recorder" (ref Fig1 and Fig2) and comes in the package 'com.agilebinary.phonebeagle' or 'com.biige.recorder'

Fig1 : PhoneBeagle Recorder application Icon

Fig2 : BiiGe Recorder application Icon

Once the application is started, the user is asked to activate the application with a product key, as seen in Fig3.

Fig3 : Application activation screen

Once the application is activated, information from the device such as SMS messages, outgoing calls, location information, etc. is collected and sent to the application's server:
hxxp://[REMOVED]beagle.com

It also has an Uninstallation Protection feature that requires Device administration rights. When the feature is activated, the user is asked to enter a phone number.
Each time the user tries to uninstall the application, an SMS message with the following text is sent to the specified number:
The PhoneBeagle Recorder Uninstall Protection has been deactivated.

The application is automatically started when the phone is rebooted.
Permissions required by the application:
  • INTERNET
  • READ_PHONE_STATE
  • RECEIVE_SMS
  • READ_SMS
  • SEND_SMS
  • WRITE_SMS
  • PROCESS_OUTGOING_CALLS
  • READ_CONTACTS
  • WRITE_CONTACTS
  • RECEIVE_BOOT_COMPLETED
  • ACCESS_FINE_LOCATION
  • ACCESS_COARSE_UPDATES
  • ACCESS_NETWORK_STATE
  • WAKE_LOCK
  • ACCESS_WIFI_STATE
  • CHANGE_WIFI_STATE
  • READ_HISTORY_BOOKMARKS
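As an added triage example (not code from the Fortinet entry or from the application), the following Python script parses an Android manifest and reports the combination this entry describes: the SMS, call, location and boot permissions listed above, a receiver for BOOT_COMPLETED (the start-on-reboot behaviour), and a receiver guarded by BIND_DEVICE_ADMIN, which is assumed here to be how the Uninstallation Protection obtains device administration rights. The sample manifest and its package name are constructed placeholders.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions from the list above (full android.permission.* names) that enable SMS,
# call and location monitoring, contact access, network exfiltration and start-on-boot.
BIIGE_PERMISSIONS = {"android.permission." + p for p in (
    "INTERNET", "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "WRITE_SMS", "READ_PHONE_STATE",
    "PROCESS_OUTGOING_CALLS", "READ_CONTACTS", "ACCESS_FINE_LOCATION", "RECEIVE_BOOT_COMPLETED")}
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifest; the package name is a placeholder, not the real app's.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.recorder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return which of the indicators described in the entry above a manifest exhibits."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    matched = sorted(perms & BIIGE_PERMISSIONS)
    # Persistence: a receiver registered for BOOT_COMPLETED restarts the app after reboot.
    boot = any(a.get(ANDROID + "name") == BOOT_ACTION for a in root.iter("action"))
    # Uninstall protection needs a device-admin receiver guarded by BIND_DEVICE_ADMIN.
    admin = any(r.get(ANDROID + "permission") == DEVICE_ADMIN for r in root.iter("receiver"))
    return {
        "package": root.get("package"),
        "matched_permissions": matched,
        "boot_receiver": boot,
        "device_admin_receiver": admin,
        # Flag only when monitoring, exfiltration, persistence and admin rights coincide.
        "spyware_profile": len(matched) >= 5 and "android.permission.INTERNET" in perms
        and boot and admin,
    }
```

Run it against a decoded AndroidManifest.xml (for example, the output of apktool) to get the same dictionary for a real sample.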

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Version Updates

Date         Version    Detail
2020-08-05   79.40800
2020-03-18   76.05400
2019-08-05   70.49200
2019-08-02   70.43900
2019-08-02   70.42000
2019-08-02   70.41800
2019-03-17   67.12300
2019-03-13   67.02700