Calendar Mobile Malware

This malware has been published as an APK file named "Calendar" and targets Android mobile devices. It appears in the application menu under the Persian name "تقویم ثمین" and is a copy of a free, open-source Persian calendar application that was turned into malware by modifying its code.

The malicious operations are driven entirely by push notifications sent by the malware's developer: the malware runs malicious commands on the victim's device according to these notifications. In other words, the malware's owner aims to build a botnet from the devices that install it, and misuses the panel of the push notification service provider as a command and control (C&C) server. Malicious actions the malware can perform include:

  • Sending SMS from the victim's device
  • Downloading and installing file(s) from specified URLs
  • Deleting an application from the device
  • Joining the victim to Telegram channels or groups

Note that although the current version of the application contains source code for sending SMS, it cannot yet send SMS, because the required permission is not declared in the manifest file. The required permission could, however, be added in a later update.
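The manifest check described above can be repeated whenever a new build of a suspicious app appears. The following is an added example, not code from the malware or from this report: it compares the permissions declared in two decoded AndroidManifest.xml files and reports any newly added permission that gates one of the capabilities listed above. The sample manifests and the package name com.example.calendar are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that gate capabilities named in this report
# (SMS sending, installing downloaded files, removing applications).
WATCHED = {
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install downloaded APKs",
    "android.permission.REQUEST_DELETE_PACKAGES": "request app removal",
}

def declared_permissions(manifest_xml):
    """Return the set of permission names in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def newly_enabled(old_xml, new_xml):
    """Map each watched permission added by an update to what it unlocks."""
    added = declared_permissions(new_xml) - declared_permissions(old_xml)
    return {p: WATCHED[p] for p in sorted(added) if p in WATCHED}

# Constructed sample manifests; not taken from the analysed APK.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.calendar">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""

MANIFEST_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.calendar">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    for perm, capability in newly_enabled(MANIFEST_V1, MANIFEST_V2).items():
        print(f"update adds {perm}: app can now {capability}")
```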

Symptoms of infection

This malware is installed as a calendar, and at first glance the device shows no symptoms of infection, although the malware carries out its malicious behavior in the background.

Methods of Cleaning an Infected Mobile Device

To remove the malware, simply uninstall it from the application menu. Meanwhile, a user who has disabled notifications for the installed calendar application is not under threat.

Methods of Infection Prevention

The following recommendations can play a significant role in preventing the infection of mobile phones.

  • Do not download and install applications from untrusted sources
    Many problems for mobile phone users arise from downloading and installing applications from insecure sources, so download the applications you need only from well-known and trusted sources such as Google Play Store and App Store.

  • Consider the permissions required by the application to be installed
    Android applications request permissions that the user must accept during installation. It is very important not to install an application that requires more permissions than it needs for the functionality it provides (according to what its developer declares about the application).

  • Disable the notifications for suspicious applications
    Disable the notifications for suspicious applications immediately after installation, to prevent the consequences of malicious notifications.

  • Install anti-virus software and update it periodically
    In recent years, the widespread prevalence of malware and viruses on Android mobile devices has caused many problems for smartphone users, so installing an anti-virus program is essential to prevent Android devices from being infected and malware from spreading. Always use a trusted and reliable anti-virus program, and update it periodically so that it detects newly released malware as soon as possible.