Remote controlled spyware which uses Baidu Cloud Push notification messages
We can see the execution of the main process cajino.method.3. The process accessed the directory /mnt/sdcard/DCIM/Camera/ and created a file named file_list containing the listing of all SD card files. Unfortunately we cannot see any network activity, the server seems to be down.