These days, the symptoms of malware infection have shifted from information collection to financial damage.
2. Spreading path and symptoms of infection
This repackaged malicious application can spread via various black markets and third-party markets, and it requests various permissions, as shown below.
* Permissions requested by the malicious application
* Permissions requested by the normal application
In addition, the normal and malicious applications can be told apart by their icons after installation.
* Malicious application's icon
* Normal application's icon
On the malicious application's icon, the word "BETA" is misprinted as "PETA".
On the real one, it is printed correctly.
Furthermore, a difference between the normal and malicious applications is visible under "Application info".
The 4.68MB application is the real one.
After installation, both applications appear to run identically. That is one of the main characteristics of repackaged applications.
* Detailed analysis
This malicious application is a repackaged application.
The following figure shows the tree of its folder structure.
Once the device is infected, an additional malicious package, "dogbite", runs as a service and can cause the following symptoms.
The following code shows the details of "Collect Phone Number" and "Send SMS".
There are two types of SMS sending.
One sends a fixed sentence ("I take pleasure in hurting small animals, just thought you should know that") after collecting the numbers in the contact list.
The other sends an SMS to a certain premium service number contained inside the application.
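The permission difference and the extra "dogbite" service described above can be checked by diffing the decoded manifest of a suspect APK against the genuine one. This is an added example, not code from the original analysis: both manifests are constructed samples, and the package name `com.example.app`, the class `dogbite.HypotheticalService`, and the `HIGH_RISK` set are assumptions chosen to match the contact-collection and SMS behaviour.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: permissions matching the behaviours described (contact harvesting, SMS sending).
HIGH_RISK = {"android.permission.SEND_SMS", "android.permission.READ_CONTACTS"}
XMLNS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed sample manifests (decoded text XML); all names are hypothetical.
ORIGINAL = f"""<manifest {XMLNS} package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".Main"/></application>
</manifest>"""
REPACKAGED = f"""<manifest {XMLNS} package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <activity android:name=".Main"/>
    <service android:name="dogbite.HypotheticalService"/>
  </application>
</manifest>"""

def summarize(manifest_xml):
    """Return (package, permissions, fully qualified service names)."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    perms = {n for e in root.iter("uses-permission") if (n := e.get(ANDROID_NS + "name"))}
    services = set()
    for e in root.iter("service"):
        name = e.get(ANDROID_NS + "name", "")
        # Relative names (".Foo" or "Foo") resolve against the manifest package.
        if name.startswith(".") or "." not in name:
            name = pkg + ("" if name.startswith(".") else ".") + name
        services.add(name)
    return pkg, perms, services

def diff_manifests(original_xml, suspect_xml):
    """Report what the suspect manifest declares beyond the original."""
    pkg, perms_o, svc_o = summarize(original_xml)
    _, perms_s, svc_s = summarize(suspect_xml)
    added_perms, added_svcs = perms_s - perms_o, svc_s - svc_o
    return {
        "added_permissions": sorted(added_perms),
        "high_risk_added": sorted(added_perms & HIGH_RISK),
        "added_services": sorted(added_svcs),
        # Services living outside the app's own package hint at grafted code.
        "foreign_services": sorted(s for s in added_svcs if not s.startswith(pkg + ".")),
    }

if __name__ == "__main__":
    for key, value in diff_manifests(ORIGINAL, REPACKAGED).items():
        print(key, value)
```

An empty result does not prove an APK is genuine, since repackaged code can reuse permissions and components the original already declares; comparing the signing certificate with the publisher's remains the stronger check.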
3. How to prevent
In the case of this malicious application, the malicious behavior is achieved simply by adding extra code that sends SMS messages.
The structure looks simple; however, the malicious functions are hard for an ordinary user to detect.
To use smartphones safely in the face of the security threats posed by these malicious applications, we recommend the following "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of mobile malicious files such as the one described above with nProtect Mobile for Android, and runs a response system against various security threats.