Android/Spy.Agent.SI [Threat Name] go to Threat

Android/Spy.Agent.SI [Threat Variant Name]

Category trojan
Detection created Jan 29, 2016
Signature database version 12947
Signature Android db version 6811
Aliases (Kaspersky)
  Android.SmsBot.539.origin (Dr.Web)
Short description

Android/Spy.Agent.SI is a trojan that steals passwords and other sensitive information. It can be controlled remotely.


The trojan must be downloaded and manually installed.

The trojan disguises itself as the Flash Player application.

Information stealing

The trojan collects information used to access certain sites.

The trojan collects the following information:

  • login user names for certain applications/services
  • login passwords for certain applications/services
  • device model
  • IMEI number
  • language settings
  • SDK version
  • information about the operating system and system settings
  • the list of installed software

The trojan attempts to send gathered information to a remote machine.

Some examples follow.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (4) URLs. The HTTP protocol is used in the communication.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • monitor incomming SMS messages
  • send SMS messages
  • delete SMS
  • send gathered information

Please enable Javascript to ensure correct displaying of this content and refresh this page.