12345

9/21/2011

Malicious Spyeye application for Android

1. Introduction

Recently, Spyeye malicious application for Android has been reported by various computer security companies.
Finally, it has been revealed that it has no relationship with Spyeye, however, this malicious application can be new threat on mobile security.
And users need to be careful on using this malicious application.


  
2. Spreading path and symptoms of infection

This malicious application can spread via various black markets and 3rd party markets and can require various permissions as following.


* Permission explanation
- android:name="android.permission.INTERNET"
- android:name="android.permission.SEND_SMS"
- android:name="android.permission.RECEIVE_SMS"
- android:name="android.permission.PROCESS_OUTGOING_CALLS"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.WRITE_SMS"
- android:name="android.permission.READ_SMS"

This malicious application can work on "Android SDK 1.6 or higher". And it doesn't create run icon because MAIN LAUNCHER is not exist on AndroidManifest.xml.
Installation status can be found on following menu.




Because this malicious application doesn't create run icon, it can be activated based on following code.



This app will display "251340" through Toast after making a call to "325000", after that malicious application will be run. But "251340" is a fake code not real. Following figure shows the result.


Following code shows it can collect SMS on infected phone.



Besides, collected information can be sent to remote server with 2 ways.



1. It can send collected information to certain web site.

2. It can send SMS message on parsing with included xml file.

Following code is a part of "settings.xml".

We can find that this malicious application is generated for the test version.
Including these 3 sections ("telephon", "addr", "tels") and unusable value also can be a reason for test version.

3. How to prevent

This malicious application hasn't a relationship with Spyeye so far. But it can cause serious damage with later version of malicious application.
To use Smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

- Trojan-Spy/Android.Spitmo.A

25 comments:

  1. Blogs are good for every one where we get lots of information for any topics nice job keep it up !!!

    ReplyDelete
  2. Man! Android operating system is so vulnerable that you can't even trust Google Play because hackers somehow make their way out even through all the security checks. *face palm*

    ReplyDelete
  3. Your content is nothing short of brilliant in many ways. I think this is engaging and eye-opening material. Thank you so much for caring about your content and your readers. free mp3 download sites

    ReplyDelete
  4. This article gives the light in which we can watch the truth. This is exceptionally pleasant one and gives indepth data. A debt of gratitude is in order for this decent article. towelroot app

    ReplyDelete
  5. Interesting post. I Have Been wondering about this issue, so thanks for posting. Pretty cool post.It 's really very nice and Useful post.Thanks freedom app alternatives

    ReplyDelete
  6. I read your entire article and I genuinely like it. but new update of whatsapp is nice. it's android whatsapp and android mod whatsapp

    ReplyDelete
  7. i have read whole of your article and i really like it. Thanks for sharing here

    ReplyDelete
  8. mini militia pro pack mod apk for free with all updates and new maps and players images etc click

    ReplyDelete
  9. Your content is very unique and informative. Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write.
    Asus customer support

    ReplyDelete
  10. Your content is very unique and informative. Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write. Freedom.apk Download

    ReplyDelete
  11. very nice information also very nice post this is . thanks for share this information ,

    ReplyDelete
  12. Thank you for sharing this very nice post awesome keep sharing.

    ReplyDelete
  13. I was born in united states but grew up in New York.
    happy wheels, These are probably my two favorite games of all time, and I'm trying my best to make it in the top 1-3 of google. fireboy and watergirl .
    Geometry Dash

    ReplyDelete
  14. This comment has been removed by the author.

    ReplyDelete
  15. Hope you will get the letest news about all android game, and download all kind of mod games, free apk for your android mobile. Here is the largest collection of android games and tools only for you, which are free of cost. from APKJA

    ReplyDelete
  16. Very Nice Article keep it up...! Thanks for sharing this amazing information with us...! keep sharing this type of stuff...!
    www.driversin.com

    ReplyDelete
  17. A nice piece of information and looking fabulous, Honest work and please update some more. playbox apk

    ReplyDelete
  18. For those who are not familiar with the term anime series here is a small explanation for you. Anime is a special Japanese animation art form from all genres found in movies.

    anime haven

    ReplyDelete
  19. Freedom APK is an app that lets you unlock the premium features of any free game freely, after installing Freedom APK, whatever game you have in your phone, you will get unlimited coins and keys, the game can be anything like that subway surfers, temple run etc. If you are fond of playing the game then this app is the best app for you, because who likes to play games has the worm to unlock all the features of the game. This is an app that bypasses the credit checking system of Google Play Store, and bills all in app purchases with a Fake Credit Card. We are here providing some links to download all the version of Freedom App, so you can easily install the Freedom App safely in your device.

    ReplyDelete