Android/NickiSpy.C!tr.spy
Analysis
Android/NickiSpy.C!tr.spy is a variant of Android/NickiSpy.A!tr.spy. The differences with variant A are the following:
- it displays an icon in the Application Launcher, but the malware is named "Android System Message", a name that will probably have the victim believe this is a genuine system application.
- the attacker may view the results from a website front-end on [REMOVED]mo.com
- the malware has a settings panel with several options
.
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiClient | |
---|---|
Extreme | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |