
8/03/2011

[Warning] Malicious application for recording voice call

1. Introduction

Recently, a large data breach in South Korea has become a major issue. Personal information is among the most important information there is, and it is valuable in itself. Leaked information is used mainly for financial gain; in other words, someone whose information is stolen can suffer both financial and psychological damage.
In the midst of this situation, a malicious application that steals various information from smartphones, targeting Chinese users, has been found.

Therefore, general users need to take care not to be infected by such malicious files.
  


2. Spreading path and symptoms of infection

Several variants of this malicious application are still being found. It spreads via the black market and third-party markets and can request the following permissions.



* Permission explanations

- android:name="android.permission.CALL_PHONE"
- android:name="android.permission.PROCESS_OUTGOING_CALLS"
- android:name="android.permission.INTERNET"
- android:name="android.permission.ACCESS_GPS"
- android:name="android.permission.ACCESS_COARSE_LOCATION"
- android:name="android.permission.ACCESS_COARSE_UPDATES"
- android:name="android.permission.ACCESS_FINE_LOCATION"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.READ_CONTACTS"
- android:name="android.permission.WRITE_CONTACTS"
- android:name="android.permission.ACCESS_WIFI_STATE"
- android:name="android.permission.PERMISSION_NAME"
- android:name="android.permission.SEND_SMS"
- android:name="android.permission.READ_SMS"
- android:name="android.permission.WRITE_SMS"
- android:name="android.permission.WAKE_LOCK"
- android:name="android.permission.RECORD_AUDIO"
- android:name="android.permission.WRITE_EXTERNAL_STORAGE"
- android:name="android.permission.DEVICE_POWER"

This malicious application does not show an execution icon, but its installation status can be seen under "Manage Applications".



* Detailed Analysis

If a device is infected, this malicious application can cause the following symptoms.


* Infected symptoms

1. Acquires smartphone information, including the IMEI
2. Acquires SMS information
3. Saves certain information on the SD card
4. Sends SMS (text messages)
5. Collects the user's location and activates the GPS function
6. Sends collected information to an external web site
7. Collects call history
8. Records voice calls
9. Runs in the background

This malicious application registers two receivers (BootReceiver and AlarmReceiver). BootReceiver, which inherits from BroadcastReceiver, lets the application run in the background, and by using WakeLock the application can keep running while the device is locked.
The application collects the IMEI with its information-collecting code and can send that information to a certain number with the following code.


The destination number is contained in its code.

In addition, this malicious application can work as a GPS tracker, periodically finding the user's position by checking the Cell ID, as in the following code.



Besides, this malicious application can record voice calls after checking the smartphone's status.



Furthermore, it can seize the call history using "android.provider.CallLog.Calls.CONTENT_URI" together with various sources and permissions. The collected call history is saved to the SD card and can be transferred through a specific port.

* Path on the SD card where collected information is saved

- /sdcard/shangzhou/callrecord/

* External URL that receives the collected information

- jin.(~).com (Port: 2018)
- Access to the external URL is attempted periodically through SocketService and AlarmManager.
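
A static check for the traits described in this section (the permission combination, the missing execution icon and a boot-started receiver), given as an added example and not code from the original analysis. It assumes a manifest already decoded to text XML; the capability grouping, the finding labels, the BOOT_COMPLETED filter and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Capability groups built from the permission list on this page.
GROUPS = {
    "call recording": {"RECORD_AUDIO", "READ_PHONE_STATE", "PROCESS_OUTGOING_CALLS"},
    "sms access": {"READ_SMS", "SEND_SMS"},
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "exfiltration": {"INTERNET", "WRITE_EXTERNAL_STORAGE"},
}

def names(root, path):
    """Collect the android:name attribute of every element matching path."""
    return {e.get(NS + "name") for e in root.iterfind(path)}

def triage(manifest_xml):
    """Return sorted findings for a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = names(root, "uses-permission")
    findings = [g for g, need in GROUPS.items() if {P + n for n in need} <= requested]
    # No LAUNCHER category anywhere: the app has no icon to tap.
    if "android.intent.category.LAUNCHER" not in names(root, ".//category"):
        findings.append("no launcher icon")
    # Assumption: a boot-started receiver filters on BOOT_COMPLETED.
    if "android.intent.action.BOOT_COMPLETED" in names(root, ".//receiver/intent-filter/action"):
        findings.append("starts at boot")
    return sorted(findings)

def sample(perms, body):
    """Build a constructed manifest for the demo; not taken from any real APK."""
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, p) for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.constructed">%s<application>%s</application></manifest>' % (uses, body))

SPY_LIKE = sample(
    sorted(set().union(*GROUPS.values())),
    '<receiver android:name=".BootReceiver"><intent-filter>'
    '<action android:name="android.intent.action.BOOT_COMPLETED"/>'
    '</intent-filter></receiver><service android:name=".SocketService"/>')
RECORDER = sample(
    ["RECORD_AUDIO", "WRITE_EXTERNAL_STORAGE"],
    '<activity android:name=".Main"><intent-filter>'
    '<action android:name="android.intent.action.MAIN"/>'
    '<category android:name="android.intent.category.LAUNCHER"/>'
    '</intent-filter></activity>')

if __name__ == "__main__":
    print(triage(SPY_LIKE), triage(RECORDER))
```

An ordinary recorder with a launcher icon produces no findings; it is the combination of complete capability groups with no icon and a boot start that matches the behaviour described above.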

3. How to prevent

This malicious application is presumed to come from China, for reasons including its use of the Chinese locale (China, Simplified).

However, these malicious applications can be downloaded from the black market and third-party markets and can be repackaged, so users need to be careful when downloading applications.

A general user can hardly notice that something has happened on his PC when a malicious file is spread using social engineering.
To use a smartphone safely against the security threats of these malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text or e-mail messages from unknown senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are to be used.
8. Do not save important information on the phone.
9. Do not attempt illegal customizing such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above with nProtect Mobile for Android, and runs a response system against various security threats.

Diagnosis name

- Trojan-Spy/Android.NickiSpy.A
- Trojan-Spy/Android.NickiSpy.B
- Trojan-Spy/Android.NickiSpy.C

