Virus

Riskware/Voltaic!Android

Analysis

Riskware/Voltaic!Android is a Potentially Unwanted Application which leaks your phone number and MAC address.

Technical Details


The phone number leaks to the presumed remote web server of the application:
hxxp://hanneng.bloveambition.com/index.php
The Wifi's MAC address leaks through a 3rd party kit to
hxxp://logs.amap.com/
The riskware also has the capability to send various IM messages (QQ, WeChat, or SMS) with a link to the applications. The malware asks for the following permissions:
  • GET_ACCOUNTS
  • Allows an app to access location from location sources such as GPS, cell towers, and Wi-Fi.
  • Allows to call or process outgoing calls
  • READ_CONTACTS
  • CHANGE_WIFI_STATE
  • ACCESS_WIFI_STATE
  • INTERNET
  • Allows to use Bluetooth
  • VIBRATE

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.