A new malicious application for Android that targets user information has appeared.

1. Introduction

Repackaged malicious Android apps have been found recently, and we found a repackaged malicious application for Android on a Chinese black market.
This repackaged malicious application can spread via various black markets and third-party markets, and can require various permissions.

2. Spreading path and symptoms of infection

The following figure shows the preferences of this malicious application.

The following figure compares the normal and the malicious application.

As always, the malicious application requests more permissions than the normal application.
Once it is installed, its icon can be seen.

The following image shows the running screen.

Based on our analysis, we found the following suspicious symptoms.

* Suspicious symptoms

- Tries to access a certain web site
- Leaks mobile information
- Sends text messages
- Remote control
- Installs additional applications
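
The comparison of permissions between the normal and the repackaged application can be repeated for any suspect app by diffing the permissions declared in the two manifests. The following Python code is an added example, not INCA Internet's code: both manifests are constructed samples (assumed to be already decoded to text XML), and the mapping from permissions to the symptoms above is an assumption, since the page does not list the permissions this sample requests.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permission names to the symptoms listed above.
SYMPTOM_HINTS = {
    "android.permission.INTERNET": "access a web site / remote control",
    "android.permission.READ_PHONE_STATE": "leak mobile information",
    "android.permission.SEND_SMS": "send text",
    "android.permission.INSTALL_PACKAGES": "install additional application",
}

# Constructed sample: manifest of the original (normal) application.
ORIGINAL_MANIFEST = """<manifest package="com.example.game"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

# Constructed sample: manifest of the repackaged copy of the same package.
REPACKAGED_MANIFEST = """<manifest package="com.example.game"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")  # the android:name attribute
            if name:
                perms.add(name.strip())
    return perms

def added_permissions(original_xml, suspect_xml):
    """Map each permission only the suspect requests to a symptom hint."""
    extra = requested_permissions(suspect_xml) - requested_permissions(original_xml)
    return {p: SYMPTOM_HINTS.get(p, "unclassified") for p in sorted(extra)}

if __name__ == "__main__":
    report = added_permissions(ORIGINAL_MANIFEST, REPACKAGED_MANIFEST)
    for perm, hint in report.items():
        print(f"{perm:45} {hint}")
```

A permission that appears only in the repackaged copy is a reason to examine the sample further, not proof of malice on its own.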

3. How to prevent

With the boom in smartphones, general users can easily install various applications.
To use a smartphone safely despite the security threats from these malicious applications, we recommend the following "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text, or e-mail messages from uncertain senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as those described above with nProtect Mobile for Android, and operates a response system against various security threats.

Diagnosis name

- Trojan-Spy/Android.PJApps.A
- Trojan-Spy/Android.PJApps.B