12345

8/05/2011

[Warning] Malicious app to collect smartphone information

1. Introduction

Recently, leakage of large data of personal information in South Korea is a big issue. Some people who were stolen their information even try to prosecute.
In the midst of this situation, we found malicious Android application, which supports various voice using functions, but to steal personal information.Collected information can be used on cloned phone, DB transaction, and so on.

Therefore, general user needs to be careful about being infected malicious file from those malicious file.



2. Spreading path and symptoms of infection

In case of this malicious application, it spreads via various black markets and 3rd party markets and can require various permissions as following.


* Permission explanations

- android:name="android.permission.INTERNET"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.RECEIVE_BOOT_COMPLETED"
- android:name="android.permission.GET_ACCOUNTS"

After the installation, this malicious application will create execution icon as following.


To execute, you can see this following figure, it makes a big noise.


In addition, if you click upper direction arrow, your page will be changed at AD page for downloading additional applications.



* Detailed analysis

Upon installation, it will add 2 receivers (StartAtBootServiceReceiver, MyReferrerReceiver) and can cause these following symptoms.

* Symptoms of infection
1. Collects IMEI
2. Collects Android's account, country code, provider information
3. Collects numbers in contacts
4. Tries to leak collected information
5. Performs periodically through AlarmManager

First of all, this malicious application can collect numbers in contacts information and IMEI with this following code on execution.



Besides, it can collect Android account information, country code, and provider information.



Collected information can be sent certain URL.



Collecting and sending information, we mentioned above, can be performed through AlarmManager.

3. How to prevent

In case of this malicious application, all malicious functions run in the background as a service and are not visible to the user. And collected information can be used as a spam or cloned phone.

To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Mobile for Android for mobile such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

 - Trojan-Spy/Android.SndApps.A

8 comments:

  1. A very good post ,I like it very much ,hope you will give another post asap Great info Thanks!

    ReplyDelete
  2. Pretty! This was an extremely wonderful post. Many thanks for providing this info.
    reflective vest
    reflective fabric

    ReplyDelete
  3. Explore some iphone spy apps that would help you to spy on other devices.

    ReplyDelete
  4. hey! thank you for this coding! i try to make this program since 2 days and i am not able to make it. as it's my lab submissions work so i also display the output. when i run your program it display the same out as i want so i just wanna to say thankyou

    ReplyDelete
  5. In these times, there is a lot of malware application is just launched to collect data and which is not a good thing and critically unsecured. But there are authentic, secure and trustworthy Affordable Essay Writers at $4essay App which assists students in the completion of assignments with professionalism and perfection. 

    ReplyDelete
  6. Tssdk malware unearths its way into google play via lifestyle apps the adware-encumbered apps attempt to entice sufferers into installing an extra software program. A total of 50 malicious apps have managed to pass google's safety tests and land on the google play shop, leading to hundreds of thousands of installs on android gadgets.

    Regards,
    Cheap Essay Writing Service USA | Cheap Essay 247.

    ReplyDelete
  7. Before downloading an Cheap Essay app, make sure you apprehend what records the app will get right of entry to. Read the permissions the app is soliciting for and decide whether or not the information it is asking to access is related to the reason of the app. Study the app’s privacy coverage to look if, or how, your statistics may be shared.

    ReplyDelete
  8. I don't think so that these stuffs matter these days because of latest advancement in software. I am doing SQA for my own software and now it's so easy with modern automated software that requires data input and it works automatically. I did a complete testing of my Essay writing Service using android and iOS mobile testing applications and these mentioned issues are no more consider these days.

    ReplyDelete