Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.



20 December 2011
1.3 or 1.4
Risk Impact:
Systems Affected:


Android.Kidlogger is a Spyware application for Android devices that logs the device's activity and sends it to a predetermined website.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 01 February 2015 revision 020
  • Initial Daily Certified version 19 December 2011 revision 020
  • Latest Daily Certified version 24 April 2012 revision 002
  • Initial Weekly Certified release date 21 December 2011
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
The Trojan arrives as a package with the following details:

Free version

APK : KidLoggerLight.apk
Package name : net.kidlogger.kidloggerlight
Version : 1.4
Publisher : Tesline-Service
Application title : KidLogger (Only visible in Settings > Manage Apps.)
Icon: Default Android Icon

Paid version

: KidLogger.apk
Package name
: net.kidlogger.kidlogger
: 1.4
: Tesline-Service
Application title : KidLogger (Only visible in Settings > Manage Apps.)
Icon: Binoculars

Keylogger addon
: KidLoggerKeyboard.apk
Package name
: net.kidlogger.kidloggerkeyboard
: 1.3
: Tesline-Service
Application title
: KidLoggerKeyboard (Only visible in Settings > Manage Apps.)
Icon: Default Android Icon

When the application is being installed, it requests permissions to perform the following actions:

  • Access location information, such as Cell-ID or WiFi. (Paid version only)
  • Access location information, such as GPS information.
  • Access and change information about the WiFi state.
  • Open network connections.
  • Monitor, modify, or end outgoing calls.
  • Read contact data.
  • Check the phone's current state.
  • Read, monitor, and send SMS messages on the device.
  • Start once the device has finished booting.
  • Read History bookmarks.

The application will run in the background, gathering the following information and periodically uploading it to
  • Incoming and outgoing call logs
  • SMS messages
  • Phone book addresses
  • Emails
  • Browsing history
  • Photos
  • List of running apps
  • Keys pressed (with keylogger addon)
You may have arrived at this page either because you have been alerted by your Symantec product about this risk, or you are concerned that your device has been affected by this risk.

Install Norton Mobile Security
If you do not already have Norton Mobile Security installed on your device, please download the product from the Android marketplace .

Alternatively, you can navigate to the website from your device and download the product from there by completing the following steps:
  1. Select the 90-Day free download.
  2. Click on the Android icon to begin downloading the product.
  3. Click on Install in order to accept the permissions that are being requested by the program.
  4. Next, click Open and then Agree & Launch.

Note: The first time the product runs, you will be required to enter a code that is displayed on the screen in order to activate the product. Enter the provided code and press Submit .

Run a full system scan
Run a full system scan using Norton Mobile Security to remove this risk from the device. To do this, please perform the following actions:
  1. Navigate to the Anti-Malware tab.
  2. Click Scan Now.

Manual removal
To remove this risk manually, please perform the following actions:
  1. Open the Google Android Menu.
  2. Go to the Settings icon and select Applications.
  3. Next, click Manage.
  4. Select the application and click the Uninstall button.