12345

6/01/2011

[Warning] Provocative named malicious application for Android is spreading.

1. Introduction

Recently, Android’s malicious applications are rapidly growing and the threats on smartphone security are getting bigger.
Among these applications, erratic type of application using provocative title has emerged.
And found application can steal phone’s information in a common.

[Update: Security Alert: DroidDreamLight, New Malware from the Developers of DroidDream]
 http://blog.mylookout.com/2011/05/security-alert-droiddreamlight-new-malware-from-the-developers-of-droiddream/

[New DroidDream Variant Found on Android Phones]
 http://www.f-secure.com/weblog/archives/00002170.html

In Korea, these mobile malicious applications have not emerged and damaged so far.
Since the scope of using smart phone is getting wider with various functions including financial, transportation, and most of our life. So, users using Android device need special attention about these provocative titled malicious applications.

2. Spreading path and symptoms of infection

This malicious application could be downloaded via Android market though, it has been blocked.
But in case of this kind of malicious application, it can be spread via black market and 3rd party market, it shows permission requirement screen on installation.



Indeed, since this malicious application is spreading with provocative title, it is hard to resist temptation to download and install.


* Similar malicious applications
- Sexy Girls: Hot Japanese
- Sex Sound
- HOT Girls 1
- HOT Girls 2
- HOT Girls 4


These malicious applications contain permission setting code as following.


After the installation is completed, it requires agreement of suspicious permissions.


After the procedures above, this malicious application prints lascivious photos.


Finally this malicious application can acquire smartphone’s internal information including IMEI/IMSI information, OS version, and installed applications information, and so on with following malicious code.


Based on our analysis, this application can perform malicious functions on changing phone’s status with following malicious code.


3. How to prevent

This kind of provocative malicious application for Android has its own and unique vulnerability to make user want to be clicked and downloaded due to its own lascivious title.
To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

* Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Mobile for Android for mobile such as malicious file stated above and runs responding system against various security threats.

1 comment:

  1. panasonic business phone systems

    Fantastic post and wonderful blog, I really like this type of interesting articles keep it up. Nice work!!

    ReplyDelete