A malicious application uses various techniques to extend its own life cycle.
One of the most prevalent is running in the background.
Malicious applications that run in the background while trying to send SMS messages and collect information are increasing.
2. Spreading path and symptoms of infection
Since this malicious application has not spread in Korea, no specific damage cases have been reported so far.
This malicious application can spread via various black markets and third-party markets, and can request various permissions, as follows.
* Features on installation and granting permission
The malicious application always requests permissions related to internal system information, such as "SMS" and "PHONE_STATE".
"KILL_BACKGROUND_PROCESSES" is for killing background processes.
Because "LAUNCHER" is not defined for the Main activity, this malicious application has no launch icon.
This kind of malicious application can be found under "Third-party" in its installation status.
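A static triage check for the manifest traits described above, added here as an example (not code from the analysed sample or from INCA Internet): it flags the SMS, PHONE_STATE and KILL_BACKGROUND_PROCESSES permissions and reports whether any activity declares a LAUNCHER category. The sample manifest, its package name and the `triage_manifest` function are constructed for illustration, and the input is assumed to be an already decoded, text-form `AndroidManifest.xml`.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permission name endings taken from the article's description.
SENSITIVE_SUFFIXES = ("SMS", "PHONE_STATE", "KILL_BACKGROUND_PROCESSES")

# Constructed sample manifest (assumption); not extracted from the analysed sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <service android:name=".Worker"/>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Report sensitive permissions and whether the app exposes a launch icon."""
    root = ET.fromstring(xml_text)  # for untrusted input, a hardened parser such as defusedxml is safer
    perms = [p.get(ANDROID_NS + "name", "") for p in root.iter("uses-permission")]
    flagged = sorted(p for p in perms if p.endswith(SENSITIVE_SUFFIXES))
    # A launch icon exists only if some activity declares the LAUNCHER category.
    has_launcher = any(
        c.get(ANDROID_NS + "name") == "android.intent.category.LAUNCHER"
        for tag in ("activity", "activity-alias")
        for comp in root.iter(tag)
        for c in comp.iter("category")
    )
    services = [s.get(ANDROID_NS + "name") for s in root.iter("service")]
    return {
        "flagged_permissions": flagged,
        "has_launcher_icon": has_launcher,
        "services": services,
        # Sensitive permissions combined with no icon match the profile in the text.
        "suspicious": bool(flagged) and not has_launcher,
    }

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A match is a triage signal for closer review, not a verdict: legitimate applications can also request these permissions or ship without a launch icon.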
* Malicious behaviors
This malicious application can send advertising SMS messages and can collect contacts, the IMSI and so on.
Furthermore, the collected information can be leaked to a certain external URL. The following code shows the collection of the IMEI, model name, Android platform and SDK version, and contacts.
SMS sending function
A. Sends SMS
B. Sends MMS
Under certain conditions, it can send SMS or MMS.
Furthermore, this malicious application can collect the list of running applications and can terminate running applications.
The code above confirms that it can kill running applications.
3. How to prevent
To use your PC safely against the security threats posed by these malicious files, we recommend following the "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions in nProtect Anti-Virus/Spyware for detecting malicious files such as the one described above, and operates a response system against various security threats.