Virus

Analysis

Riskware/Voltaic!Android is a Potentially Unwanted Application which leaks your phone number and MAC address.

Technical Details

The phone number leaks to the presumed remote web server of the application:

hxxp://hanneng.bloveambition.com/index.php

The Wifi's MAC address leaks through a 3rd party kit to

hxxp://logs.amap.com/

The riskware also has the capability to send various IM messages (QQ, WeChat, or SMS) with a link to the applications. The malware asks for the following permissions:

GET_ACCOUNTS
Allows an app to access location from location sources such as GPS, cell towers, and Wi-Fi.
Allows to call or process outgoing calls
READ_CONTACTS
CHANGE_WIFI_STATE
ACCESS_WIFI_STATE
INTERNET
Allows to use Bluetooth
VIBRATE

Recommended Action

Make sure that your FortiGate/FortiClient system is using the latest AV database.
Quarantine/delete files that are detected and replace infected files with clean backup copies.

ID	7079211
Released	Jun 20, 2016
Description Updated	Jun 20, 2016
Aliases	.
Platform Profile	Android platform

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Riskware/Voltaic!Android

Analysis

Technical Details

Recommended Action

Telemetry

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

Riskware/Voltaic!Android

Analysis

Technical Details

Recommended Action

Telemetry

Threat Intelligence
Center