12345

8/04/2011

[Warning] Android malicious app to induce user pay for text msg

1. Introduction

Recently, malicious Android apps have been found frequently, and most of those apps can Read and Write on SMS.
Since this malicious app can damage user financially with using SMS premium service, user who usually downloads apps at black market needs special attention.
In case of these malicious applications, the coding technique is so sophisticated that general user can rarely recognize the status infected or not.



2. Spreading path and symptoms of infection

Based on our analysis, this malicious application made for targeting Chinese user, in Korea, there hasn't been found big damages so far.

In case of this malicious application, it spreads via various black markets and 3rd party markets and can require various permissions as following.



* Permission explanations

- android:name="android.permission.INTERNET
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.RECEIVE_SMS"
- android:name="android.permission.SEND_SMS"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.RECEIVE_BOOT_COMPLETED"

After the installation, this malicious application will create execution icon as following.


To execute, you can see this following figure.



* Detailed analysis

This malicious application can cause these following symptoms

* Symptoms of infection

1. Tries to send SMS for extra charging
2. Blocks SMS from certain number
3. Collects IMEI
4. Collects location information(GPS)
5. Tries to leak collected information
6. Runs at background

This malicious application sends SMS to parsed number after parsing for being induced premium service number with using following code. Besides, the SMS contents will be parsed and sent with following code.



You can receive the reply of chosen menu after sending SMS. This application can get the number first, before getting replied SMS, and block reply SMS after parsing with following code. Finally user cannot see the reply.


This malicious application can collect IMSI information, which can be sent to certain external site.



After reading the certain URL through another Class source code above, it combines and completes rest part of URL. Finally it tries to leak collected information.

Besides, this can collected information where the user is with using GPS related functions, getLatitude() and getLongtitude().

3. How to prevent

This malicious application can run all malicious functions to collect location and send or block SMS information on background. Furthermore, infected user can be scammed.
To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Mobile for Android for mobile such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

- Trojan-Spy/Android.LoveTrap.A

10 comments:

  1. In general,it is savvy to scrutinize every single permission an Android app asks for –numerous apps request intrusive permissions when they needn't bother with them.Indeed apps packed with aggressive adware have a skill for gathering more data than they would commonly need to perform enough.Make sure to read your permissions before clicking "accept".
    ~Lisa Moore.

    ReplyDelete
  2. Hello! The media is loaded with reports saying Android malware is blasting and that Android clients are at danger. Does this mean you ought to introduce an antivirus application on your Android telephone or tablet?While there may be a great deal of Android malware in the wild, a glance at Android's protections and studies from antivirus organizations uncovers that you're likely protected in the event that you take after some essential safety measures.Thank you so much!!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Jara

    ReplyDelete
  3. Really great read.I would like to add little bit.Spyware apps,as anyone might expect,additionally make an incredible showing with concealing themselves.Most demonstrated no icon on the rundown of phone apps.The best way to discover them is to look in the rundown of running apps inside of the Android settings menu.Indeed,even there,the apps frequently endeavored to camouflage themselves with names that seemed like system processes (e.g., Android Manager,SIM Toolkit,Android Framework) or security services (LookOutSecure).Have a good day.@Kathy Brooks.

    ReplyDelete
  4. This should also give your customer support executives the flexibility to split complex tickets into multiple smaller sections, so that you can assign each component to your specialist customer care team members. There should also be an option to merge together similar tickets so that they are dealt with more efficiently.
    4k video downloader crack

    ReplyDelete
  5. There are spy app features that help you to monitor people's phones, for example, web mailer, screenshots, application usage and installation and keylogger, take a look at app here to find more information.

    ReplyDelete
  6. To reduce potential contamination of your device based on Android, I recommend to use only proven repository of apk files. One of the most reliable resource is androidappforyou.com.

    ReplyDelete
  7. I'm trying to protect my device from fraudsters. That's why my friend recommended installing android spy https://www.hoverwatch.com/free-android-keylogger . So I can track the location of my smartphone at any time.

    ReplyDelete
  8. The Android mobile handsets, which, allow's confront it, consist of an actually-rising amount of devices, is emerging as a severe contender inside the struggle to protected domination in the mobile market.
    http://www.showboxdownloadsapp.com/

    ReplyDelete
  9. In this world of ever growing technology, we can easily watch the latest movies or tv shows by streaming on different websites.
    Now we can even watch the movies and TV shows on our Android or Windows smartphones
    ShowBox Apk Download

    ReplyDelete