[Warning] Identified malicious application disguised as a Chinese Video Browser

1. Introduction

Repackaging has become a major trend among malicious Android applications.
"Repackaging" means decompiling a normal APK file and inserting malicious code into it during that process.
Once a device is infected, it is hard for the user to notice the infection.
Therefore, the range of infection can keep growing.

Among these applications, a peculiar malicious application has been identified that is repackaged to masquerade as a Chinese video streaming service application.

2. Spreading path and symptoms of infection

Several variants of this malicious application are still being found. As is typical of repackaged applications, it spreads via black markets and third-party markets.

First of all, it runs stably on Android SDK 1.6 or higher.
The following figure shows the permission request page displayed on installation.

* Permission explanations

After installation, the launcher icon shown in the following figure is created.

* Detailed analysis

After installation, when the application is executed, the following code downloads and installs an additional malicious application.

* URL for downloading the additional malicious application

* Additional downloaded malicious application

The following figure is a screen captured after the additional application above was downloaded.
It looks like a normal application and streams music normally.

* Captured screen on execution

* Created icon

This malicious application displays advertisements under certain conditions. It also contains a link for downloading the application, which can be sent via e-mail or SMS.

It can also silently send 6 text messages to China Mobile.

The China Mobile receiving number is a service number used to check the remaining balance, mobile data usage, and so on. It can also be used to apply for the “Free Text Message” service.
Applying for several of these services may incur charges. The requested “Free Text Message” service can be used by both the real user and another user.

We assume that it requests the service with this phrase (“1~~6”, “8”, “”, this);.
The result of the request can also be received as a text message when each menu is chosen. Furthermore, to deceive the user during this process, the malicious application removes the reply text messages with the following code.

As the red box shows, a class that inherits from BroadcastReceiver deletes a text message, without notice, when the sender's number starts with “10”, using the red-boxed code if(s.startsWith("10")) abortBroadcast();.
As a result, an ordinary user cannot notice that anything has happened on the smartphone, even while several services are being applied for.

In addition to these attempts, it can try to leak the smartphone's SIM card number to a certain external web site, as shown in the following figures.

The stolen information can be used to make a cloned phone illegally. In addition, it can check the network connection status and run specific code.
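
A static triage sketch for the behaviours described in this analysis, as an added example (not code from the analyzed sample or from nProtect). It assumes the APK has been decoded to a text AndroidManifest.xml; the manifest, the package and receiver names, and the source fragment below are constructed.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (hypothetical package and receiver names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.video">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsFilter">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed decompiled fragment mirroring the check quoted in the article.
SAMPLE_SOURCE = 'if (s.startsWith("10")) abortBroadcast();'

def triage(manifest_xml, decompiled_source=""):
    """Return findings matching the SMS-trojan behaviours described above."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
             for p in root.iter("uses-permission")}
    findings = []
    if "SEND_SMS" in perms:
        findings.append("can send SMS without user interaction")
    # A receiver registered for SMS_RECEIVED sees replies before the inbox does.
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                prio = int(flt.get(ANDROID_NS + "priority", "0"))
                findings.append(f"receiver {rcv.get(ANDROID_NS + 'name')} "
                                f"sees incoming SMS (priority {prio})")
    if re.search(r"\babortBroadcast\s*\(", decompiled_source):
        findings.append("code calls abortBroadcast(): incoming SMS can be hidden")
    if {"READ_PHONE_STATE", "INTERNET"} <= perms:
        findings.append("can read SIM/device identifiers and reach the network")
    return findings
```

On Android 4.4 and later the system ignores abortBroadcast() for SMS_RECEIVED, so the message-hiding finding matters mainly for older releases.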

3. How to prevent

Currently, malicious Android applications are commonly disguised as normal applications, and the “REPACKAGING” technique is the most prevalent.
To use a smartphone safely against the security threats posed by these malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text, or e-mail messages from unknown senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of mobile malicious files such as the one described above with nProtect Mobile for Android, and runs a response system against various security threats.

Diagnosis name

- Trojan-SMS/Android.KuVideoSMS.A
- Trojan-SMS/Android.KuVideoSMS.B

