Malicious Spyeye application for Android

1. Introduction

Recently, Spyeye malicious application for Android has been reported by various computer security companies.
Finally, it has been revealed that it has no relationship with Spyeye, however, this malicious application can be new threat on mobile security.
And users need to be careful on using this malicious application.

2. Spreading path and symptoms of infection

This malicious application can spread via various black markets and 3rd party markets and can require various permissions as following.

* Permission explanation
- android:name="android.permission.INTERNET"
- android:name="android.permission.SEND_SMS"
- android:name="android.permission.RECEIVE_SMS"
- android:name="android.permission.PROCESS_OUTGOING_CALLS"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.WRITE_SMS"
- android:name="android.permission.READ_SMS"

This malicious application can work on "Android SDK 1.6 or higher". And it doesn't create run icon because MAIN LAUNCHER is not exist on AndroidManifest.xml.
Installation status can be found on following menu.

Because this malicious application doesn't create run icon, it can be activated based on following code.

This app will display "251340" through Toast after making a call to "325000", after that malicious application will be run. But "251340" is a fake code not real. Following figure shows the result.

Following code shows it can collect SMS on infected phone.

Besides, collected information can be sent to remote server with 2 ways.

1. It can send collected information to certain web site.

2. It can send SMS message on parsing with included xml file.

Following code is a part of "settings.xml".

We can find that this malicious application is generated for the test version.
Including these 3 sections ("telephon", "addr", "tels") and unusable value also can be a reason for test version.

3. How to prevent

This malicious application hasn't a relationship with Spyeye so far. But it can cause serious damage with later version of malicious application.
To use Smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

- Trojan-Spy/Android.Spitmo.A

1 comment:

  1. Blogs are good for every one where we get lots of information for any topics nice job keep it up !!!