The most notable feature of this application is that it masquerades as something resembling a foreign financial security solution.
Recently, our nProtect Security Response Center/Response Team has found many malicious Android files.
Android security therefore needs more attention and a continuous effort to strengthen it.
* Trusteer, a well-known security solution company whose name is used as the disguise
※ Content masquerading as a financial security product/service for Android
It uses an icon similar to that of the security solution company, as follows.
B. Product name
As shown in the image below, it uses the brand names and product names of a certain security solution.
As the figure above shows, the application not only requires an activation key on the "bank website" but also contains an intelligent scam.
2. Spreading path and symptoms of infection
This malicious application is not a legitimate application that has been repackaged with malicious code added. A standalone malicious application of this kind is likely to be spread through black markets or third-party markets rather than the Android Market.
This application requests the following permissions.
After clicking the "Install" button:
The censored area is the IMEI value of the infected phone.
The following code prints the IMEI value on the screen when the application runs.
In addition, this malicious application steals SMS and IMEI information with the following code.
As described above, the application attempts to send the seized SMS and IMEI data to a specific site with the following code.
3. How to prevent
Malicious applications like this one, disguised as well-known international financial security solutions and products, can cause users financial damage.
The website that collected the seized information is currently blocked, but malicious applications similar to the one described above are very likely to emerge. We therefore recommend following the "Smartphone security management tips" to avoid such threats.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment functions for mobile malicious files such as the one described above with nProtect Mobile for Android, and runs a response system against various security threats.
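A defensive triage check for the behaviour described in section 2 (reading the IMEI, taking SMS and sending both to a remote site), added here as an example; it is not code from the analysed application or from nProtect. It assumes the APK's manifest has already been decoded to text XML, and the permission-to-capability mapping, the function name and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
# Capability -> permissions granting it (mapping assumed for this example).
CAPABILITIES = {
    "read_imei": {"android.permission.READ_PHONE_STATE"},
    "access_sms": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "network": {"android.permission.INTERNET"},
}

def triage_manifest(manifest_xml):
    """Summarise IMEI/SMS/network capabilities of a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    caps = sorted(c for c, perms in CAPABILITIES.items() if perms & requested)
    receivers = []  # (receiver name, intent-filter priority) for incoming SMS
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                prio = flt.get(ANDROID_NS + "priority", "0")
                receivers.append((rcv.get(ANDROID_NS + "name"), int(prio)))
    # Flag only the full combination: identifier + SMS + a channel to send it out.
    return {"capabilities": caps, "sms_receivers": receivers,
            "suspicious": len(caps) == len(CAPABILITIES)}

# Constructed sample manifests (not taken from the analysed application).
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakesecurity">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Security Solution">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, triage_manifest(xml))
```

The permission combination alone is only a triage signal, since legitimate messaging applications request it too; it is most telling when the application claims to be a security product that has no need to read SMS.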