As posted on the Fortinet Blog!
What does the malware do?
To summarize the malware's goals: it fetches commands from a remote C&C server via HTTP GET and uploads the collected information back via HTTP POST. The commands it recognizes are listed in the table below.
ID   Command
0    Get Info Device
1    Start Record
2    Get Audio File
3    Get Contact List
4    Current Location
5    Get Installed Apps
6    Wifi Status
7    Get all Pictures from Photo Library
8    List a given directory
9    Get a given file
10   Get process list
11   Get SMS
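When sandboxing a sample with this kind of GET-for-commands / POST-for-results beacon, the usual move is to point it at a fake C&C that hands out chosen command IDs and logs whatever comes back. The following is an added example of such a stand-in server plus a simulated agent loop; it is not code from the Fortinet post or from the malware. The wire format is an assumption (the command ID as a bare decimal in the GET response body, uploads as raw POST bodies under a per-command path); the real sample's URL layout and encoding are not given above.

```python
"""Fake C&C for exercising a GET-for-commands / POST-for-uploads agent.

Assumed wire format (not from the original post): the server answers GET with
the next queued command ID as a bare decimal string (empty body when idle),
and accepts uploads as raw POST bodies. Only the command table is from the post.
"""
import http.server
import threading
import urllib.request
from collections import deque

# Command table as listed in the post (ID -> description).
COMMANDS = {
    0: "Get Info Device",
    1: "Start Record",
    2: "Get Audio File",
    3: "Get Contact List",
    4: "Current Location",
    5: "Get Installed Apps",
    6: "Wifi Status",
    7: "Get all Pictures from Photo Library",
    8: "List a given directory",
    9: "Get a given file",
    10: "Get process list",
    11: "Get SMS",
}


class FakeC2:
    """Hypothetical stand-in C&C: queue command IDs, record every upload."""

    def __init__(self):
        self.pending = deque()   # command IDs handed out on successive GETs
        self.uploads = []        # (request path, body) for each POST received
        self._lock = threading.Lock()
        c2 = self

        class Handler(http.server.BaseHTTPRequestHandler):
            def log_message(self, *args):
                pass  # keep the analysis console quiet

            def do_GET(self):
                with c2._lock:
                    cmd = c2.pending.popleft() if c2.pending else None
                body = (str(cmd) if cmd is not None else "").encode()
                self.send_response(200)
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)

            def do_POST(self):
                size = int(self.headers.get("Content-Length", "0"))
                data = self.rfile.read(size)
                with c2._lock:
                    c2.uploads.append((self.path, data))
                self.send_response(200)
                self.send_header("Content-Length", "0")
                self.end_headers()

        # Port 0: let the OS pick a free loopback port.
        self.server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Handler)
        self.url = "http://127.0.0.1:%d" % self.server.server_address[1]
        threading.Thread(target=self.server.serve_forever, daemon=True).start()

    def queue(self, *cmd_ids):
        with self._lock:
            self.pending.extend(cmd_ids)

    def stop(self):
        self.server.shutdown()
        self.server.server_close()


def poll_command(base_url):
    """Agent side: one HTTP GET; returns the command ID, or None when idle."""
    with urllib.request.urlopen(base_url + "/cmd", timeout=5) as resp:
        body = resp.read().decode().strip()
    return int(body) if body.isdigit() else None


def upload(base_url, cmd_id, payload):
    """Agent side: HTTP POST of collected data, tagged with the command ID."""
    req = urllib.request.Request(base_url + "/upload/%d" % cmd_id,
                                 data=payload, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def run_agent_once(base_url):
    """One poll/dispatch/upload cycle; returns the command handled, or None."""
    cmd = poll_command(base_url)
    if cmd is None:
        return None
    desc = COMMANDS.get(cmd, "unknown command")
    # Constructed placeholder for the data the real sample would collect.
    upload(base_url, cmd, ("result of: " + desc).encode())
    return desc


def demo():
    """Queue three IDs (one outside the table), run four cycles, return the log."""
    c2 = FakeC2()
    try:
        c2.queue(0, 11, 99)
        handled = [run_agent_once(c2.url) for _ in range(4)]
        return handled, list(c2.uploads)
    finally:
        c2.stop()


if __name__ == "__main__":
    for path, body in demo()[1]:
        print(path, body)
```

Queueing an ID outside the table (99 above) is deliberate: when you drive the real sample this way, an unrecognized command tells you how its dispatcher handles unknown input, which is worth noting alongside the documented commands.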
The code shows a few interesting things: