
8/05/2011

[Warning] Malicious app to collect smartphone information

1. Introduction

Recently, large-scale leaks of personal information have become a major issue in South Korea. Some people whose information was stolen are even trying to take legal action.
In the midst of this situation, we found a malicious Android application that offers various voice-related functions but also steals personal information. The collected information can be used for cloned phones, DB transactions, and so on.

Therefore, general users need to be careful not to be infected by such malicious files.



2. Spreading path and symptoms of infection

This malicious application spreads via various black markets and third-party markets, and it can request the following permissions.


* Permission explanations

- android:name="android.permission.INTERNET"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.RECEIVE_BOOT_COMPLETED"
- android:name="android.permission.GET_ACCOUNTS"

After installation, this malicious application creates the following execution icon.


When it is executed, as you can see in the following figure, it makes a loud noise.


In addition, if you click the up arrow, the page changes to an ad page for downloading additional applications.



* Detailed analysis

Upon installation, it adds 2 receivers (StartAtBootServiceReceiver, MyReferrerReceiver) and can cause the following symptoms.

* Symptoms of infection
1. Collects the IMEI
2. Collects the Android account, country code, and provider information
3. Collects the numbers in contacts
4. Tries to leak the collected information
5. Runs periodically through AlarmManager

First of all, on execution this malicious application can collect the numbers stored in contacts and the IMEI with the following code.



Besides, it can collect the Android account information, country code, and provider information.



The collected information can be sent to a certain URL.



The collecting and sending of information mentioned above can be performed through AlarmManager.
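
One way to triage an application against the traits reported in this analysis (an added example, not code from the original post or from INCA Internet): it checks a decoded AndroidManifest.xml for the four permissions and the two receiver names listed above. It assumes the manifest has already been decoded to text XML (for instance with apktool); `triage_manifest`, the package name and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions and receiver class names reported in this post.
REPORTED_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.GET_ACCOUNTS",
}
REPORTED_RECEIVERS = {"StartAtBootServiceReceiver", "MyReferrerReceiver"}

# Constructed sample manifest (hypothetical package name), not the real sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <application>
    <receiver android:name=".StartAtBootServiceReceiver"/>
    <receiver android:name="com.example.sample.MyReferrerReceiver"/>
  </application>
</manifest>
"""


def triage_manifest(manifest_xml: str) -> dict:
    """Compare a decoded AndroidManifest.xml with the traits in this post."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    # Receiver names may be relative (".Foo") or fully qualified, so compare
    # on the simple class name only.
    receivers = {(el.get(ANDROID_NS + "name") or "").rsplit(".", 1)[-1]
                 for el in root.iter("receiver")}
    perms = sorted(REPORTED_PERMISSIONS & requested)
    recvs = sorted(REPORTED_RECEIVERS & receivers)
    # The four permissions alone are common in benign apps, so flag only when
    # both receiver names are present as well.
    suspicious = (len(perms) == len(REPORTED_PERMISSIONS)
                  and len(recvs) == len(REPORTED_RECEIVERS))
    return {"permissions": perms, "receivers": recvs, "suspicious": suspicious}


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A match is a triage signal, not a verdict, since class names can change between variants. When the manifest comes from an untrusted sample, a hardened parser such as defusedxml is the safer choice.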

3. How to prevent

All of this application's malicious functions run in the background as a service and are not visible to the user. The collected information can be used for spam or cloned phones.

To use a smartphone safely despite the security threats posed by such malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus SW from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus SW to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text, or e-mail messages from unknown senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of malicious files such as the one described above with nProtect Mobile for Android, and runs a response system against various security threats.

Diagnosis name

 - Trojan-Spy/Android.SndApps.A
