A Trojan incorporated into Android firmware. It is an executable Linux file. Once launched, it extracts several modules, some of which are encrypted. After these components being decrypted and installed into the RAM, Android.CaPson.1 removes source files and starts to perform its malicious activity. In particular, the Trojan can stealthily send and intercept SMS messages, open webpages, transmit information about a compromised device to the server, and download other applications.