In the midst of this atmosphere, inducing malicious app charging SMS premium service has been found, so that user who frequently downloads apps at black market needs to be careful.
2. Spreading path and symptoms of infection
This malicious application can spread via various black markets and 3rd party markets and can require various permissions as following.
Upon installed, this will create execution icon as following, clicking icon will show you following screen.
* Run Icon
* Run Screen
* Detailed analysis
This malicious application registers 1 Receiver to manage SMS, and can set high priority.
Furthermore, this malicious application can subscribe premium service after being infected, and subscription procedure will be proceed by receiving SMS from certain premium service provider's number.
After the subscription, this malicious application can finish subscription procedure after confirming sending SMS. Besides, this app will remove related SMS through following code before being recognized by user.
But there is a difference between this app and previous similar application on numbering additional service number in its code's condition states.
3. How to prevent
In case of this malicious application, since it was designed to target Chinese user, it hasn't been reported in South Korea, but it can be repackaged and give financial damage to general user.
To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Mobile for Android for mobile such as malicious file stated above and runs responding system against various security threats.