[Warning] Detected double packaged malicious application for Android

1. Introduction

Double-packaged malicious files for Android have recently become prevalent, mostly in China, and general users need to pay special attention to them.
This malicious application is unusual in that it carries a malicious APK file inside a normal-looking file.
If a device is infected, the application can steal user information.
Users of Android devices should therefore be careful with these malicious files.

Double packaging (APK : Android Package File)

- Contains malicious APK file in normal APK file
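
A defender can check for this structure by looking inside a package for entries that are themselves packages. The following is an added example, not code from the original analysis: the sample archives, the entry names (`assets/photo.png`, `res/raw/note.txt`) and the helper names are constructed for illustration, and detection relies on content rather than file extension.

```python
import io
import zipfile

# Entries that mark a ZIP archive as an Android package.
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}


def looks_like_apk(data: bytes) -> bool:
    """True if data is a ZIP archive that carries an APK's core entries."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return APK_MARKERS.issubset(zf.namelist())


def find_embedded_apks(apk_bytes: bytes, max_entry_size: int = 64 * 1024 * 1024):
    """Return names of entries inside an APK that are themselves APKs.

    Detection is by content, not by extension, because the inner package
    may be stored under an innocuous name such as an image file.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir() or info.file_size > max_entry_size:
                continue  # skip directories and oversized entries (zip-bomb guard)
            if looks_like_apk(outer.read(info)):
                hits.append(info.filename)
    return hits


def build_apk(extra=None) -> bytes:
    """Build a constructed, minimal APK-shaped ZIP for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"constructed manifest placeholder")
        zf.writestr("classes.dex", b"constructed dex placeholder")
        for name, data in (extra or {}).items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    inner = build_apk()
    # Constructed sample: an inner package hidden under a .png name.
    carrier = build_apk({"assets/photo.png": inner, "res/raw/note.txt": b"hello"})
    print("carrier:", find_embedded_apks(carrier))
    print("clean:  ", find_embedded_apks(build_apk()))
```

A hit is a reason to inspect the inner package's manifest and permissions, not proof of malice by itself, since some legitimate applications also bundle helper packages.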

2. Spreading path and symptoms of infection

This kind of repackaged malicious application can be spread via black markets and third-party markets.

* Downloads and installs the double-packaged APK file

At a glance, the downloaded APK file looks like a normal application, but our analysis shows that it contains malicious functions, as you can see in the following figures.

<About Permission>

<It requires permission agreement on install>

After the installation is complete, you can see the following figure.

Like most of the mobile malicious applications we have mentioned before, this kind of application mostly uses lascivious photos.
It is in Chinese and appears to originate from China.

It is hard for a general user to recognize that anything is happening in the background, because the application secretly performs "Checking certain condition on being infected" and "Performing package install related code".

* Downloads and installs an additional APK file derived from the double-packaged APK file

After the installation is complete, the installed APK file tries to install an additional APK file when the following conditions are satisfied.

* Conditions for installing another APK file

- Rooting is attempted (Android 2.2 or earlier versions)
- Rooting status

The following code shows the additional conditions mentioned above.

When those conditions are met, the infected user does not see the permission request page while the additional APK file is being installed.

The following code shows the permissions of the additional APK file.

<About permission>

<About permission on installation>

The secondary APK file does not show an execution screen. However, it can send and receive SMS and MMS messages and cause the user to be charged for them without the user noticing. Moreover, phone information including GPS location and recent calls can be leaked, and the application can start automatically at boot.

3. How to prevent

For this malicious mobile application, installing another package without an additional download is an uncommon technique.
To use smartphones safely against the security threats posed by these malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites on your smartphone.
5. Try not to open MMS, text, or e-mail messages from unknown senders.
6. Always set a strong password on your smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are in use.
8. Do not save important information on your phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of mobile malicious files such as the one described above with nProtect Mobile for Android, and operates a response system against various security threats.

* Diagnosis name

- Trojan-Spy/Android.HiddenSms.A
- Trojan-Spy/Android.HiddenSms.B

