Because this malicious app can cause users financial damage by abusing premium SMS services, users who often download apps from black markets need to take special care.
The coding techniques in these malicious applications are so sophisticated that ordinary users can rarely tell whether their device is infected.
2. Spreading path and symptoms of infection
Based on our analysis, this malicious application was made to target Chinese users; in Korea, no major damage has been found so far.
This malicious application spreads via various black markets and third-party markets and can request various permissions, as follows.
After installation, this malicious application creates a launcher icon, as follows.
When executed, it appears as in the following figure.
* Detailed analysis
This malicious application can cause the following symptoms.
This malicious application parses a number that leads to a premium service and sends an SMS to the parsed number with the following code. The SMS content is also parsed and sent with the following code.
A reply for the chosen menu arrives after the SMS is sent. The application can obtain the number first, before the reply SMS is received, and block the reply SMS after parsing it with the following code. As a result, the user cannot see the reply.
This malicious application can collect IMSI information, which can be sent to a certain external site.
After reading a certain URL from the other class's source code above, it assembles the remaining part of the URL to complete it. Finally, it tries to leak the collected information.
In addition, it can collect information on where the user is by using the GPS-related functions getLatitude() and getLongitude().
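Each behaviour described above (sending SMS, blocking the reply, reading the IMSI, reading the GPS position, uploading to an external site) has to be declared in the application's manifest, so a decoded AndroidManifest.xml can be checked for the combination before installation. The following Python code is an added example, not code from the analysed application or from INCA Internet; the behaviour-to-permission mapping, the function name `triage_manifest` and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
# Assumption: each behaviour from the analysis mapped to the standard permission it needs.
BEHAVIOUR_PERMS = {
    "send SMS": "android.permission.SEND_SMS",
    "receive SMS": "android.permission.RECEIVE_SMS",
    "read IMSI": "android.permission.READ_PHONE_STATE",
    "read GPS location": "android.permission.ACCESS_FINE_LOCATION",
    "network upload": "android.permission.INTERNET",
}

def triage_manifest(xml_text):
    root = ET.fromstring(xml_text)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    found = {b for b, p in BEHAVIOUR_PERMS.items() if p in requested}
    # Highest priority of any intent-filter registered for incoming SMS. A receiver
    # with raised priority sees the message before the default SMS application.
    sms_priority = None
    for flt in root.iter("intent-filter"):
        if any(a.get(A + "name") == SMS_RECEIVED for a in flt.iter("action")):
            try:
                prio = int(flt.get(A + "priority", "0"), 0)
            except ValueError:
                prio = 0  # unparsable priority: treat as default
            sms_priority = prio if sms_priority is None else max(sms_priority, prio)
    return {
        "behaviours": sorted(found),
        "sms_receiver_priority": sms_priority,
        "silent_sms_capable": {"send SMS", "receive SMS"} <= found
                              and sms_priority is not None and sms_priority > 0,
        "leak_capable": "network upload" in found
                        and bool(found & {"read IMSI", "read GPS location"}),
    }

# Constructed sample manifests (not taken from the analysed application).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><receiver android:name=".R"><intent-filter android:priority="2147483647">
    <action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter></receiver></application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
```

On Android 4.4 and later only the default SMS application can suppress incoming messages, so the receiver-priority signal matters mainly on older devices.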
3. How to prevent
This malicious application can run all of its malicious functions, collecting location and sending or blocking SMS, in the background. Furthermore, infected users can be scammed.
To use smartphones safely against the security threats of these malicious applications, we recommend that general users follow the "Smartphone security management tips".
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above with nProtect Mobile for Android, and operates a response system against various security threats.