17
Malware threats, hoaxes, and taxonoMy
rmware or signed with a platform key. Since jSMSHider targeted
devices with a custom ROM, the customized image is normally signed
by publicly available private keys for the Android Open Source Project.
Since this malware was also signed by those keys, it can be success-
fully granted the INSTALL_PACKAGES permission. If the device
did not have a custom ROM, the malware would try to get permission
by attempting to acquire root with the su command: su –v. Once the
malware acquired the permission, the payload was loaded (testnew.
apk) as an embedded resource and quietly installed on the phone. is
payload would download and install a le named LcLottery.apk. e
payload would also process incoming or outgoing ...