[Warning] Android malicious applications that operate without user awareness are increasing.

1. Introduction

As security threats to smartphones increase, malicious applications are being created continuously.
To extend their own life cycle, malicious applications use various techniques.
One of the most prevalent techniques is running in the background.
Malicious applications that run in the background and try to send SMS messages and collect information are increasing.

2. Spreading path and symptoms of infection

Because this malicious application has not spread in Korea, no specific cases of damage have been reported so far.
This malicious application can spread via various black markets and third-party markets and can request various permissions, as follows.

* Features on installation and granting permission

* Permission explanations
- android:name="android.permission.SEND_SMS"
- android:name="android.permission.READ_SMS"
- android:name="android.permission.WRITE_SMS"
- android:name="android.permission.RECEIVE_SMS"
- android:name="android.permission.DEVICE_POWER"
- android:name="android.permission.WRITE_APN_SETTINGS"
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.BROADCAST_PACKAGE_REMOVED"
- android:name="android.permission.BROADCAST_PACKAGE_ADDED"
- android:name="android.permission.ACCESS_WIFI_STATE"
- android:name="android.permission.CHANGE_WIFI_STATE"
- android:name="android.permission.WAKE_LOCK"
- android:name="android.permission.INTERNET"
- android:name="android.permission.WRITE_EXTERNAL_STORAGE"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.KILL_BACKGROUND_PROCESSES"

The malicious application always requests permissions related to internal system information, such as "SMS" and "PHONE_STATE".
"KILL_BACKGROUND_PROCESSES" is used for killing background processes.

Because "LAUNCHER" is not defined for the main activity, this malicious application has no launcher icon.
An application of this kind can be found under "Third-party" in the installed application status.
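The traits described above (SMS and phone-state permissions, "KILL_BACKGROUND_PROCESSES", and a main activity without "LAUNCHER") can be checked from a decoded manifest during triage. The following is an added example, not code from the original advisory or from nProtect; the sample manifest, the package name `com.example.sample` and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}name"  # android:name attribute
SMS_PERMS = {"SEND_SMS", "READ_SMS", "WRITE_SMS", "RECEIVE_SMS"}

# Constructed sample: decoded manifest text for a hypothetical package.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def has_launcher_entry(root):
    """True if some intent-filter pairs action MAIN with category LAUNCHER."""
    for f in root.iter("intent-filter"):
        actions = {a.get(A) for a in f.findall("action")}
        cats = {c.get(A) for c in f.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            return True
    return False


def triage_manifest(xml_text):
    """Return the traits from the advisory that this manifest exhibits."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A, "").rsplit(".", 1)[-1] for p in root.iter("uses-permission")}
    findings = []
    if perms & SMS_PERMS:
        findings.append("sms_access")
    if "READ_PHONE_STATE" in perms:
        findings.append("phone_state_access")
    if "KILL_BACKGROUND_PROCESSES" in perms:
        findings.append("can_kill_background_processes")
    if not has_launcher_entry(root):
        findings.append("no_launcher_icon")
    return sorted(findings)


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

No single finding is conclusive on its own; the combination of SMS access with a missing launcher entry is what matches the behavior described here.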

* Malicious behaviors

This malicious application can send SMS messages for advertising and can collect contacts, the IMSI and so on.
Furthermore, the collected information can be leaked to a certain external URL. The following code shows the collection of the IMEI, model name, Android platform and SDK version, and contacts.

Sending SMS function

A. Sends SMS

B. Sends MMS

Under certain conditions, it can send SMS or MMS.

Furthermore, this malicious application can collect the list of running applications and can terminate running applications.

With the code above, we can confirm that it can kill running applications.

※ The "killBackgroundProcesses()" method can terminate processes on version 2.2 or higher, whereas the "restartPackage()" method can terminate processes on version 2.1 or lower.

3. How to prevent

To use your PC safely against the security threats posed by such malicious files, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and use its real-time detection function.
3. Do not view or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.
5. Scan downloaded files with anti-virus software before executing them.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions in nProtect Anti-Virus/Spyware for detecting malicious files such as the one described above, and runs a response system against various security threats.

Diagnosis name

 - Trojan-SMS/Android.AdSms.F

