Android spyware targets business executives

The name of the malicious package is “com.android.protect”, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher.

Once installed and run, the malware requests device admin rights, asks the licence number to be entered, hides itself (its presence can be revealed by dialing “11223344”), and finally asks to be granted root access (if the device is rooted).