Techniques for disguising malware as legitimate applications remain prevalent these days.
This time the imitated product is KAV (Kaspersky Anti-Virus).
This tampered application, too, was built to perform malicious functions.
2. Spreading path and symptoms of infection
This kind of malicious application spreads via black markets and third-party markets.
Furthermore, because it is disguised as a normal application, it is difficult for users to tell whether the application is legitimate or not.
The following explanation describes its malicious behaviors.
* Symptoms on installation and execution
The following figure shows the permission request page displayed during installation.
It also uses an icon similar to that of Kaspersky Mobile.
After installation, an activation code is shown when the malicious application is executed.
Clicking “OK” terminates the application without any further behavior.
* Detailed analysis
When the application is first run, it acquires the device's IMEI information through the following code and displays part of that information as an activation code.
Besides the IMEI information used for this code, it collects IMSI and contact information and sends them to a certain C&C (Command and Control) server.
Since the C&C server destination is set to a local address, the collected information cannot be sent outbound. However, an additional application that is fully compatible with this program may emerge.
In addition to the malicious behaviors above, it can collect SMS information and call status.
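For triage of a sample like this one, the following added example (not part of the original analysis and not code from the sample) checks a decoded manifest for the permissions that guard the data described above and tests whether hard-coded endpoints point only at local addresses. The manifest, package name, URL, permission mapping and function names are constructed assumptions for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping: Android permissions guarding the data types named above.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "IMEI/IMSI/call state",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "stored SMS",
    "android.permission.RECEIVE_SMS": "incoming SMS",
}
# Constructed sample input (not taken from the real sample).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeav">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>"""
SAMPLE_STRINGS = ["Activation code", "http://192.168.0.10:8080/gate"]

def requested_permissions(manifest_xml):
    root = ET.fromstring(manifest_xml)
    return {e.get(NS + "name") for e in root.iter("uses-permission")}

def is_local_host(host):
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name: treat it as potentially routable
    return ip.is_loopback or ip.is_private or ip.is_link_local

def triage(manifest_xml, strings):
    perms = requested_permissions(manifest_xml)
    hosts = [urlparse(s).hostname for s in strings
             if s.startswith(("http://", "https://"))]
    external = [h for h in hosts if h and not is_local_host(h)]
    collects = sorted(SENSITIVE[p] for p in SENSITIVE.keys() & perms)
    if not collects or "android.permission.INTERNET" not in perms:
        verdict = "no network exfiltration path"
    elif external:
        verdict = "can exfiltrate"
    else:
        verdict = "dormant: local-only C&C"
    return {"collects": collects, "external": external, "verdict": verdict}
```

A "dormant" verdict only reflects the build at hand; a repackaged variant with a routable endpoint would flip it to "can exfiltrate".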
3. How to prevent
Because of a flaw in how this application calls its malicious method, it cannot perform its malicious functions completely.
However, it could still be combined with, and work together with, another malicious application.
To use a smartphone safely against the security threats posed by these malicious applications, we recommend that general users follow the "Smartphone security management tips".
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for mobile threats such as the malicious file described above through nProtect Mobile for Android, and operates a response system against various security threats.