
9/14/2011

[Caution] SMS related malicious applications are being spread.

1. Introduction

As mobile security threats continue to grow, SMS-related malicious applications for Android are increasing rapidly.
The range of infection symptoms is also widening and now includes sending SMS messages, a new symptom of recent malicious applications. Once infected by such an application, a user can incur unexpected charges or be used for certain advertising.

The following figure breaks down, by type, the malicious applications collected over the last week.

[SMS-related: 58%, Rooting: 37%, Etc.: 5%]
  
2. Spreading path and symptoms of infection

These malicious applications can spread via various black markets and third-party markets.

The recently spread SMS-related applications are not produced by repackaging; they are distributed as applications in their own right.

The following figure shows the installation screen of one of the SMS-related malicious applications aimed at Russian users.
It has many variants and can request the following permissions.


* Permission explanation
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.ACCESS_WIFI_STATE"
- android:name="android.permission.CAMERA"
- android:name="android.permission.CHANGE_CONFIGURATION"
- android:name="android.permission.EXPAND_STATUS_BAR"
- android:name="android.permission.CONTROL_LOCATION_UPDATES"
- android:name="android.permission.GET_ACCOUNTS"
- android:name="android.permission.BATTERY_STATS"
- android:name="android.permission.INTERNET"
- android:name="android.permission.INSTALL_PACKAGES"
- android:name="android.permission.SEND_SMS"
- android:name="android.permission.READ_CALENDAR"
- android:name="android.permission.READ_CONTACTS"
- android:name="android.permission.READ_FRAME_BUFFER"
- android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"
- android:name="android.permission.READ_LOGS"
- android:name="android.permission.STATUS_BAR"
- android:name="android.permission.SYSTEM_ALERT_WINDOW"
- android:name="android.permission.VIBRATE"
- android:name="android.permission.WRITE_CONTACTS"
- android:name="android.permission.WRITE_CALENDAR"
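
A permission list like the one above can be triaged automatically before an application is installed or analysed further. The following Python code is an added example, not code from the original post or from INCA Internet; it assumes the manifest has already been decoded to text XML, and the grouping table, function names and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Triage groups are this example's own assumption, not an Android standard.
GROUPS = {
    P + "SEND_SMS": "cost",             # can send billable messages
    P + "INTERNET": "network",
    P + "INSTALL_PACKAGES": "system",   # documented as not for third-party apps
    P + "READ_FRAME_BUFFER": "system",
    P + "STATUS_BAR": "system",
    P + "CONTROL_LOCATION_UPDATES": "system",
    P + "READ_CONTACTS": "data",
    P + "READ_CALENDAR": "data",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "data",
}

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated <uses-permission> names."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return sorted({n for n in names if n})

def triage(manifest_xml):
    """Group requested permissions and list findings worth a manual look."""
    groups = {}
    for perm in requested_permissions(manifest_xml):
        groups.setdefault(GROUPS.get(perm, "other"), []).append(perm)
    findings = []
    if "cost" in groups:
        findings.append("SEND_SMS requested: app can send messages that cost money")
    if "cost" in groups and "data" in groups:
        findings.append("SEND_SMS combined with personal-data access")
    if "system" in groups:
        findings.append("requests permissions not meant for third-party apps: "
                        + ", ".join(groups["system"]))
    return groups, findings

# Constructed sample: a decoded manifest using a subset of the list above.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)[1]))
```

Permissions that are not in the table land in the "other" group and produce no finding, so the table should be extended to match local policy.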

After installation, the following icon is created, and the following screen is shown when the application is run.


  
* Icon


* Run screen




This malicious application sends an SMS when the button on the main screen is clicked, based on the following code; the receiving number is designated using a Dialog parsing technique.


The SMS is sent secretly using a thread technique.

3. How to prevent

To use a smartphone safely against the security threats posed by these malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites on your smartphone.
5. Try not to open MMS, text, or e-mail messages from unknown senders.
6. Always set a strong password on your smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of mobile malicious files such as those described above through nProtect Mobile for Android, and operates a response system against various security threats.

3 comments:

  1. I was smiling yesterday, I am smiling today and I will smile tomorrow. Simply because life is too short to cry for anything. Love Sms Love Text

  2. Could someone bypass the security measures listed above and still use sms tracking software on my device? Click here to get my idea

  3. This texting spy app allows you to read someone's sms remotely.
