Recently, a large data breach in South Korea has become a major issue. Personal information is among the most important kinds of information, and it is valuable in itself. Leaked personal information is mainly used for financial gain. In other words, a person whose information is stolen can suffer both financial and psychological damage.
In the midst of this situation, a malicious application that targets Chinese users and steals various information from smartphones has been found.
Therefore, general users need to be careful not to be infected by such malicious files.
2. Spreading path and symptoms of infection
Several variants of this malicious application are still being found. It spreads via the black market and third-party markets, and it can request various permissions, as follows.
This malicious application has no launcher icon, but its installation status can be checked under "Manage Applications".
* Detailed Analysis
Once a device is infected, this malicious application can cause the following symptoms.
This malicious application registers two receivers (BootReceiver and AlarmReceiver). BootReceiver inherits from BroadcastReceiver and can run the application in the background. By using a WakeLock, the application can keep running even while the device is locked.
This malicious application collects the IMEI with its information-collecting code and can send that information to a certain number with the following code.
The destination number is contained in its code.
In addition, this malicious application can work like a GPS, periodically finding the user's position by checking the Cell ID, as in the following code.
Besides, this malicious application can record voice calls after checking the smartphone's status.
Furthermore, it can seize the call history by using "android.provider.CallLog.Calls.CONTENT_URI" together with various sources and permissions. The collected call history is saved to the SD card and can be transferred through a specific port.
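As an added example (not part of the original analysis and not INCA Internet's code), the following Python script triages a manifest that has already been decoded to text XML, for example with apktool, for the traits described in this section: no launcher icon, a receiver started at boot, and permissions matching the collection behaviours. The permission mapping, the function names and the sample manifest are assumptions constructed for illustration; the post does not list the permissions the sample actually requests.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (not from the post, which does not list the permissions):
# behaviour described in the analysis -> standard Android permission it needs.
BEHAVIOURS = {
    "starts at boot": {P + "RECEIVE_BOOT_COMPLETED"},
    "holds a WakeLock": {P + "WAKE_LOCK"},
    "reads IMEI / call state": {P + "READ_PHONE_STATE"},
    "sends SMS": {P + "SEND_SMS"},
    "locates via Cell ID": {P + "ACCESS_COARSE_LOCATION"},
    "records audio": {P + "RECORD_AUDIO"},
    "reads call history": {P + "READ_CONTACTS", P + "READ_CALL_LOG"},
    "writes to SD card": {P + "WRITE_EXTERNAL_STORAGE"},
}

def names(parent, tag):  # android:name of every <tag> element under parent
    return {e.get(NS + "name") for e in parent.iter(tag)}

def triage_manifest(manifest_xml):
    """Flag the traits described above in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = names(root, "uses-permission")
    behaviours = [b for b, perms in BEHAVIOURS.items() if perms & requested]
    # An icon appears only if some activity declares MAIN + LAUNCHER.
    launcher = any(
        "android.intent.action.MAIN" in names(f, "action")
        and "android.intent.category.LAUNCHER" in names(f, "category")
        for tag in ("activity", "activity-alias")
        for a in root.iter(tag) for f in a.iter("intent-filter"))
    boot = sorted(r.get(NS + "name") for r in root.iter("receiver")
                  if "android.intent.action.BOOT_COMPLETED" in names(r, "action"))
    return {"behaviours": behaviours, "hidden_icon": not launcher, "boot_receivers": boot}

# Constructed sample manifest (not taken from the real sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <receiver android:name=".BootReceiver"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
    </intent-filter></receiver>
    <receiver android:name=".AlarmReceiver"/>
  </application>
</manifest>"""
```

Calling `triage_manifest(SAMPLE)` reports a hidden icon, `.BootReceiver` as the boot-time receiver, and three of the behaviours; a single flag is common in legitimate apps, so it is the combination that merits a closer look.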
3. How to prevent
This malicious application is presumed to come from China for several reasons, including its use of the Chinese locale (China, Simplified).
However, these malicious applications can be repackaged and downloaded from the black market and third-party markets, so users need to be careful when downloading applications.
When malicious files are spread using social engineering, a general user can hardly notice that anything has happened on his PC.
To use smartphones safely despite the security threats posed by these malicious applications, we recommend that general users follow the "Smartphone security management tips".
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for mobile malicious files such as the one described above with nProtect Mobile for Android, and operates a response system against various security threats.