This malicious application is unusual in that it carries a malicious APK file inside a normal-looking file.
Once a device is infected, it can steal user information.
Android users should therefore be careful with such malicious files.
2. Spreading path and symptoms of infection
Repackaged malicious applications of this kind can be spread via black markets and third-party markets.
* Downloading and installing the double-packaged APK file
At a glance, the downloadable APK file looks like a normal application, but our analysis shows that it contains malicious functions, as you can see in the following figure.
<It requires permission agreement on install>
After the installation is complete, you can see the following figure.
Like most of the mobile malicious applications we have mentioned before, applications of this kind mostly use lascivious photos.
Given its use of the Chinese language, it appears to originate from China.
It is hard for a general user to recognize that something is going on in the background, because the application secretly performs "Checking certain conditions once infected" and "Performing package-install related code".
* Downloading and installing the additional APK file derived from the double-packaged APK file
After the installation is complete, the installed APK file tries to install an additional APK file when the following conditions are satisfied.
When those conditions are met, the infected user does not see the permission request page while the additional APK file is being installed.
The following code shows the permissions of the additional APK file.
<About permission on installation>
The secondary APK file does not show an execution screen. However, it can send and receive SMS and MMS messages and make the user pay for them without the user noticing. Moreover, phone information including GPS and recent calls can be leaked. It can also start automatically on boot.
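A defender-side check for the double packaging described above, as an added example that is not part of the original analysis: it lists APK files nested inside another APK by inspecting entry contents rather than file names. The entry name `assets/data.png`, the marker set and the sample archives are constructed assumptions; the page does not say where the second APK is stored.

```python
import io
import zipfile

APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}  # assumed minimum set for an APK
MAX_ENTRY = 64 * 1024 * 1024  # skip huge entries (guards against zip bombs)

def looks_like_apk(data):
    """True if the bytes parse as a ZIP archive holding the APK marker files."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return APK_MARKERS.issubset(zf.namelist())
    except zipfile.BadZipFile:
        return False

def find_embedded_apks(data, prefix="", depth=3):
    """List paths of APKs nested inside the APK given as bytes.

    Entries are judged by content, not extension, so a payload renamed
    to .png or .dat is still reported. Recurses up to `depth` levels.
    """
    hits = []
    if depth == 0:
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY:
                continue
            blob = zf.read(info)
            if looks_like_apk(blob):
                path = prefix + info.filename
                hits.append(path)
                hits += find_embedded_apks(blob, path + "!/", depth - 1)
    return hits

def build_zip(files):
    """Build an in-memory ZIP from {name: bytes}; used only for sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: an outer package hiding a second one under an image name.
INNER = build_zip({"AndroidManifest.xml": b"<inner/>", "classes.dex": b"dex\n035\x00"})
OUTER = build_zip({"AndroidManifest.xml": b"<outer/>", "classes.dex": b"dex\n035\x00",
                   "res/drawable/photo.jpg": b"\xff\xd8\xff\xe0 plain image bytes",
                   "assets/data.png": INNER})

if __name__ == "__main__":
    for path in find_embedded_apks(OUTER):
        print("embedded APK:", path)
```

A hit means the package carries a second installable package and deserves manual review; it is not proof of malice on its own.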
3. How to prevent
For a malicious mobile application, trying to install a further package without an additional download is an uncommon technique.
To use smartphones safely despite the security threats posed by these malicious applications, we recommend that general users follow the "Smartphone security management tips".
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions for mobile malicious files such as the one described above with nProtect Mobile for Android, and runs a response system against various security threats.
* Diagnosis name