Riskware/Pdaspy!Android

Analysis

Riskware/Pdaspy is Android spyware designed to track calls, SMS messages and GPS location. It sends the data back to http://www.[REMOVED].ru/.


Technical Details


Riskware/Pdaspy is a tracking application for Android phones.
It needs to be manually installed on the victim's device. Once installed, an icon called "Conf Lite" shows in the launcher menu.

Clicking on the icon takes the user to the main configuration window:

From the configuration window, the user can choose which activities to track: calls (incoming, outgoing, missed), SMS messages (incoming, outgoing) and GPS location history. The tracking frequency can also be set here.
Once configured, the icon disappears from the launcher menu. It can still be found in Settings -> Applications -> Manage Applications -> Conf Lite.
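The hidden-icon behaviour described above can be checked from a workstation by comparing user-installed packages against the packages that still expose a launcher activity. The following is an added example, not part of the original analysis; it assumes the text inputs come from `adb shell pm list packages -3` and `adb shell cmd package query-activities --brief -a android.intent.action.MAIN -c android.intent.category.LAUNCHER`, and the package names in the sample data are constructed.

```python
import re

# A launcher entry is printed as "package/activity"; capture the package part.
COMPONENT = re.compile(r"^\s*([A-Za-z0-9_.]+)/[A-Za-z0-9_.$]+\s*$")

def third_party_packages(pm_output):
    """Parse `pm list packages -3` output: one 'package:<name>' per line."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines()
            if line.startswith("package:")}

def launcher_packages(query_output):
    """Collect packages that expose a MAIN/LAUNCHER activity."""
    found = set()
    for line in query_output.splitlines():
        m = COMPONENT.match(line)
        if m:
            found.add(m.group(1))
    return found

def hidden_third_party(pm_output, query_output):
    """User-installed packages with no launcher icon, sorted for review."""
    return sorted(third_party_packages(pm_output) - launcher_packages(query_output))

# Constructed sample data; the package names are made up for illustration
# (the assumed output layout is: a header, then metadata and component lines).
SAMPLE_PM = """\
package:com.example.notes
package:com.example.conflite
package:com.example.keyboard
"""
SAMPLE_QUERY = """\
2 activities found:
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.android.settings/.Settings
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.notes/.MainActivity
"""

if __name__ == "__main__":
    for pkg in hidden_third_party(SAMPLE_PM, SAMPLE_QUERY):
        print(pkg)
```

Legitimate apps such as keyboards and widgets also have no launcher icon, so the output is a list to review against Settings -> Applications, not a verdict.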

Data is then sent to the HTTP server at http://www.[REMOVED].ru/ using SOAP services.
Reports can be viewed on the application's website, http://www.[REMOVED].com or http://www.[REMOVED].ru/, after logging in.


Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Version Updates

Date Version Detail
2019-03-16 67.10200 Sig Updated
2019-03-16 67.10100 Sig Added