
2/15/2011

New Trojan "ADRD" for Android mobile has appeared.

1. Introduction

Recently, a security blog reported a mobile Trojan for Android.
This Trojan injects malicious code into a normal application so that the application performs malicious behavior.
Users who frequently download applications from black markets can easily be infected by this malicious application.



[ New Android Trojan "ADRD" Was Found in the Wild by Aegislab ]
http://blog.aegislab.com/index.php?op=ViewArticle&articleId=75&blogId=1

[ Samsung Galaxy S live wallpapers hacked onto other phones ]
http://www.androidcentral.com/samsung-galaxy-s-live-wallpapers-hacked-nexus-one

2. Spreading path and symptoms of infection

It spreads via black markets and targets Dandelion Live Wallpaper, injecting malicious code into a tampered copy of the application.
This malicious application is named "ADRD" and has no launch icon.

* Download Dandelion Live Wallpaper
- http://www.livewallpapers.org/dandelion-424/

The malicious application displays the same wallpaper as the normal application.

The following figures show the differences between the normal and malicious applications.

[Figure: <Malicious application> (left) and <Normal application> (right)]

We do not need to tell you which one is malicious.
A malicious application always requests a lot of permissions, and its size is also slightly different from that of the normal app.

[Figure: <Malicious application> (left) and <Normal application> (right)]

* Symptoms of infection

A. Remotely controlled
B. Collects the IMEI (International Mobile Equipment Identity) and IMSI (International Mobile Subscriber Identity)
C. Accesses certain web sites
- http://adrd.zt.cw.4/
- http://adrd.xiaxiab.com/pic.aspx
- http://adrd.taxuan.net/index.aspx
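
The permission difference and the IMEI/IMSI collection described above can be checked by diffing the permissions requested by the original and the repackaged application. The following is an added example, not code from the original post: both manifests are constructed samples assumed to be already decoded to text XML, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifests (assumption: already decoded to text XML).
# They illustrate the comparison and are not taken from the real ADRD sample.
ORIGINAL_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""

REPACKAGED_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

# Reviewer notes for permissions relevant to the symptoms listed above.
NOTES = {
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI/IMSI)",
    "android.permission.INTERNET": "network access to remote servers",
    "android.permission.RECEIVE_BOOT_COMPLETED": "start at boot, no icon needed",
}

def permissions(manifest_xml):
    """Return the set of permission names requested by a manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def added_permissions(original_xml, repackaged_xml):
    """List (permission, note) pairs present only in the repackaged app."""
    extra = permissions(repackaged_xml) - permissions(original_xml)
    return [(p, NOTES.get(p, "review manually")) for p in sorted(extra)]

if __name__ == "__main__":
    for perm, note in added_permissions(ORIGINAL_MANIFEST, REPACKAGED_MANIFEST):
        print(f"ADDED {perm}: {note}")
```

An empty result means the two packages request the same permissions, so other differences such as file size or signing certificate would need to be compared instead.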

3. How to prevent

To use your PC safely against security threats such as these malicious attachments, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.
5. Execute downloaded files only after scanning them with anti-virus software.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of malicious files such as the one described above with nProtect Mobile for Android, and runs a response system against various security threats.

Diagnosis name

- Trojan-Spy/Android.ADRD.A
