
8/12/2011

[Warning] Malicious application leaking smartphone information

1. Introduction

Recently, malicious applications that illegally collect smartphone information have been found.
Because leaked smartphone information can be abused in various ways, the security threat is expected to keep growing.
In the midst of this situation, we found another malicious application that collects smartphone information.
General users therefore need to take care not to be infected by these malicious files.

Currently there is no dedicated diagnosis tool or classification system for this kind of Android malicious application. In addition, such applications can be made easily by general users, so smartphone security threats will keep growing.


  
2. Spreading path and symptoms of infection

This malicious application spreads via various black markets and 3rd party markets, and it can request various permissions, as follows.

This malicious application can show the following permission request screen.



* Permission explanation

android:name="android.permission.INTERNET"
android:name="android.permission.ACCESS_NETWORK_STATE"
android:name="android.permission.RECEIVE_BOOT_COMPLETED"

In addition, this malicious application has no launcher icon, but it can be executed automatically on reboot.
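
The combination described above (the three listed permissions, no launcher icon, start on boot) can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from the analysed sample or from the original report; the function name triage and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permissions listed in the report above.
WATCHED = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}

def _names(parent, tag):
    """android:name values of every <tag> element under parent."""
    return {e.get(ANDROID + "name") for e in parent.iter(tag)}

def triage(manifest_xml):
    root = ET.fromstring(manifest_xml)
    perms = _names(root, "uses-permission")
    # A launcher icon needs an activity whose filter has MAIN + LAUNCHER.
    has_icon = any(
        "android.intent.action.MAIN" in _names(f, "action")
        and "android.intent.category.LAUNCHER" in _names(f, "category")
        for tag in ("activity", "activity-alias")
        for a in root.iter(tag)
        for f in a.iter("intent-filter")
    )
    # Receivers declared in the manifest that listen for BOOT_COMPLETED.
    boot_receivers = sorted(
        r.get(ANDROID + "name") or ""
        for r in root.iter("receiver")
        if "android.intent.action.BOOT_COMPLETED" in _names(r, "action")
    )
    missing = WATCHED - perms
    return {"missing_permissions": sorted(missing),
            "has_launcher_icon": has_icon,
            "boot_receivers": boot_receivers,
            "suspicious": not missing and not has_icon}

# Constructed manifests for illustration (not the analysed sample's manifest).
_PERMS = "".join('<uses-permission android:name="%s"/>' % p for p in sorted(WATCHED))
_OPEN = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">' + _PERMS
SAMPLE_HIDDEN = _OPEN + """<application><receiver android:name=".BootReceiver"><intent-filter>
  <action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter></receiver>
</application></manifest>"""
SAMPLE_NORMAL = _OPEN + """<application><activity android:name=".Main"><intent-filter>
  <action android:name="android.intent.action.MAIN"/>
  <category android:name="android.intent.category.LAUNCHER"/></intent-filter></activity>
</application></manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("hidden", SAMPLE_HIDDEN), ("normal", SAMPLE_NORMAL)):
        print(label, triage(xml_text))
```

The input is the decoded text manifest (for example, as produced by apktool), not the binary manifest stored inside the APK. A match is only a triage signal, since legitimate background applications can show the same combination.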


   
* Detailed analysis

This malicious application can cause the following symptoms.

* Symptoms

1. Collects IMEI and IMSI information
2. Collects smartphone manufacturer and model name
3. Tries to leak collected information after checking network connection status
4. Checks the installation status of certain applications

This malicious application does not register a specific Receiver, but by inheriting from BroadcastReceiver it can try to handle Events and Actions of other applications.

As explained under "Symptoms" above, the main features of this malicious application are collecting information and checking whether certain applications are installed. After parsing the package name, it uses an MD5 check to verify the installation status.

This malicious application can collect smartphone information through the following code.



In addition, the collected information, after being modified by certain methods, can be leaked via URL references.



3. How to prevent

With the rapid development of mobile devices, mobile transactions of various types will become more and more widespread. With that growth, mobile threats will also increase.

To use smartphones safely against the security threats of these malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check downloaded applications before using them.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text or e-mail messages from unverified senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above through nProtect Mobile for Android, and operates a response system against various security threats.

Diagnosis name

 - Trojan-Spy/Android.SndApps.A

3 comments:

  1. Smartphone apps can take your private data and send it out betraying your trust. There are a great deal of malicious applications out there and the Android's permission-based system is insufficient to guarantee the security of private data. Android obliges application developers to proclaim the permissions their application will need to get to your private data. Then again, it is questionable if an application accesses it, or sends it out betraying your trust. Additionally, developers have a tendency to misapply the system by widely asking for permissions so they don't miss anything. Accordingly, a great deal of clients either don't read (or couldn't care less about) the permissions, and simply click anything important to continue.

    --Ashley Howard.

  2. I think you should try out information in this blog.

  3. A good tip for those who do not trust their other half. I went ahead and found it https://mxspy.com/how-to-hack-a-phone/. This software has helped me to control and monitor every phone that I need. I'm not intruding in someone else's life, only in control of the life of my family.
