In the end, it was revealed that this malicious application has no relationship with SpyEye; however, it can still be a new threat to mobile security.
Users need to be careful with this malicious application.
2. Spreading path and symptoms of infection
This malicious application can spread via various black markets and third-party markets, and can require various permissions, as follows.
This malicious application works on "Android SDK 1.6 or higher". It does not create a launcher icon because MAIN LAUNCHER does not exist in AndroidManifest.xml.
Installation status can be checked in the following menu.
Because this malicious application does not create a launcher icon, it is activated by the following code.
After a call is made to "325000", the app displays "251340" in a Toast, and then the malicious application runs. However, "251340" is a fake code, not a real one. The following figure shows the result.
The following code shows that it can collect SMS messages on the infected phone.
In addition, the collected information can be sent to a remote server in two ways.
1. It can send the collected information to a certain web site.
2. It can send an SMS message by parsing the included XML file.
The following code is a part of "settings.xml".
The inclusion of these 3 sections ("telephon", "addr", "tels") and their unusable values can also be a reason to consider this a test version.
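As an added example (not code from the analysed sample or from INCA Internet), the following Python check inspects a decoded AndroidManifest.xml for the traits described in this section: no launcher icon, a receiver triggered by outgoing calls, and SMS access. The manifest, the package and class names, and the finding labels are constructed for illustration; it assumes the manifest has already been decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission." + p for p in ("RECEIVE_SMS", "READ_SMS", "SEND_SMS")}
CALL_ACTION = "android.intent.action.NEW_OUTGOING_CALL"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
# Constructed manifest for illustration; NOT the real manifest of the sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.hidden">
  <uses-sdk android:minSdkVersion="4"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <activity android:name=".MainActivity"/>
    <receiver android:name=".CallReceiver"><intent-filter>
      <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
    </intent-filter></receiver>
    <receiver android:name=".SmsReceiver"><intent-filter>
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver>
  </application>
</manifest>"""

def names(node, path):
    return {e.get(ANDROID + "name") for e in node.iterfind(path)}

def triage(manifest_xml):
    """Return the traits from this write-up that are present in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    findings = []
    # A launcher icon needs an activity filter with action MAIN + category LAUNCHER.
    filters = [f for tag in ("activity", "activity-alias")
               for f in root.iterfind(f"application/{tag}/intent-filter")]
    if not any("android.intent.action.MAIN" in names(f, "action") and
               "android.intent.category.LAUNCHER" in names(f, "category")
               for f in filters):
        findings.append("no-launcher-icon")
    actions = names(root, "application/receiver/intent-filter/action")
    if CALL_ACTION in actions:  # app can react when the user dials a number
        findings.append("outgoing-call-trigger")
    if SMS_ACTION in actions:   # app is notified of incoming SMS
        findings.append("sms-receiver")
    perms = sorted(p.rsplit(".", 1)[1] for p in names(root, "uses-permission") & SMS_PERMS)
    if perms:
        findings.append("sms-permissions:" + ",".join(perms))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Each finding alone also occurs in legitimate apps; it is the combination of a hidden app, a dial-triggered receiver and SMS access that warrants a closer look.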
3. How to prevent
So far, this malicious application has no relationship with SpyEye. However, later versions of it could cause serious damage.
To use smartphones safely against the security threats of such malicious applications, we recommend the following "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides a diagnosis/treatment function in “nProtect Mobile for Android” for mobile malware such as the malicious file described above, and runs a response system against various security threats.