Android/Flexispy.A!tr

Analysis

Android/Flexispy.A!tr is a commercial trojan spyware which targets Android mobile phones. It also exists for various other mobile operating systems, such as Symbian (SymbOS/Flexispy.A!tr.spy).
According to the website, it can:

  • Intercept and listen to live phone calls
  • Open the microphone and listen to the phone's surroundings
  • View all Pictures, Video and Audio stored on the Android phone
  • Spy on all the most popular Instant Messengers such as Facebook, LINE, WhatsApp, Viber, Skype, WeChat & BBM
  • Remotely control the phone's camera to take pictures
  • View web history, bookmarks, address books and calendars
  • Capture phone passcode and passwords to device apps and EMail accounts (Facebook, Skype, GMail, Outlook, etc.)
  • Receive alerts when keywords appear in messages
  • Receive alerts when the phone enters prohibited areas


Technical Details


    The malware connects to the Internet and posts data over HTTP to remote servers.
    The malware shows the following potential capabilities:
    • Retrieves hardware or OS information of the phone (model, product, OS...)
    • Retrieves the phone IMEI
    • Retrieves your subscriber identifier (IMSI)
    • Retrieves the name of your phone operator
    • May tamper with the system logs (reading or erasing them)
    • Retrieves the phone number of outgoing calls
    • Processes incoming SMS messages
    • Sends SMS messages
    • Retrieves your geographical location
    The malware is likely to be using some form of anti-reversing techniques.
    The malware attempts to use some features without the adequate permissions.

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiClient: Extreme
FortiMail: Extreme
FortiSandbox: Extreme
FortiWeb: Extreme
Web Application Firewall: Extreme
FortiIsolator: Extreme
FortiDeceptor: Extreme
FortiEDR

Version Updates

Date Version Detail
2022-05-18 90.02410
2022-05-11 90.02197
2021-05-18 86.00262
2021-05-05 85.00950
2021-04-21 85.00617
2021-04-14 85.00448
2020-08-19 79.74400
2020-08-12 79.57600
2020-05-13 77.39500
2020-04-20 76.83400