10/20/2011

[Warning] Malicious application disguised as Battery Doctor identified

1. Introduction

Malicious Android applications disguised as normal applications are increasingly being distributed these days.
Once a device is infected, this malicious application can collect certain information and leak it to a certain URL.
Therefore, users need to be careful when downloading applications.
As the number of Android users increases, a variety of malicious applications are also being created.



2. Distribution path and symptoms of infection

The following figure shows the permission request page displayed during installation.




* Permission explanations

- android:name="android.permission.GET_TASKS"
- android:name="android.permission.RESTART_PACKAGES"
- android:name="android.permission.ACCESS_WIFI_STATE"
- android:name="android.permission.BLUETOOTH"
- android:name="android.permission.CHANGE_WIFI_STATE"
- android:name="android.permission.BLUETOOTH_ADMIN"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.WRITE_SETTINGS"
- android:name="android.permission.WRITE_EXTERNAL_STORAGE"
- android:name="android.permission.INTERNET"
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.RECEIVE_BOOT_COMPLETED"
- android:name="android.permission.VIBRATE"
- android:name="android.permission.ACCESS_COARSE_LOCATION"
- android:name="android.permission.READ_CONTACTS"
- android:name="android.permission.GET_ACCOUNTS"

After installation, the launcher icon shown in the following figure is created.



* Icon


* Run screen




After installation, the application performs the following malicious behaviors.

* Malicious behaviors

- Collects IMSI
- Collects user name and e-mail account information
- Tries to leak gathered information

* Collects smartphone information

This malicious application collects the IMEI, manufacturer, and model with the following code.



The collected information is hashed with MD5 and leaked to a certain site.

* Collects user name and e-mail account information

This malicious application collects user name and e-mail account information.



* Tries to leak gathered information

Furthermore, this malicious application tries to leak the gathered information to a certain URL.

* External URL

http://push.(~~).com/push(~~)
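
The permission list and behaviors described in this section can be turned into a simple manifest triage check. The following Python example is added here for illustration and is not code from INCA Internet or from the sample itself; the package names, the `triage` helper and both sample manifests are constructed, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
P = "android.permission."

# Behaviour described in this write-up -> permission(s) that enable it.
BEHAVIOURS = {
    "read device identifiers (IMSI/IMEI)": {P + "READ_PHONE_STATE"},
    "read account names and e-mail addresses": {P + "GET_ACCOUNTS", P + "READ_CONTACTS"},
    "send data to a remote URL": {P + "INTERNET"},
    "start again after reboot": {P + "RECEIVE_BOOT_COMPLETED"},
}
COLLECTION = list(BEHAVIOURS)[:2]  # the two data-collection behaviours


def make_manifest(package, names):
    """Build a constructed, text-form AndroidManifest.xml for the demo."""
    uses = "".join(f'  <uses-permission android:name="{P}{n}"/>\n' for n in names)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">\n{uses}</manifest>')


# Constructed samples; package names are hypothetical placeholders.
FAKE_DOCTOR = make_manifest("com.example.fakebattery", [
    "GET_TASKS", "RESTART_PACKAGES", "ACCESS_WIFI_STATE", "BLUETOOTH",
    "CHANGE_WIFI_STATE", "BLUETOOTH_ADMIN", "READ_PHONE_STATE", "WRITE_SETTINGS",
    "WRITE_EXTERNAL_STORAGE", "INTERNET", "ACCESS_NETWORK_STATE",
    "RECEIVE_BOOT_COMPLETED", "VIBRATE", "ACCESS_COARSE_LOCATION",
    "READ_CONTACTS", "GET_ACCOUNTS"])
PLAIN_TOOL = make_manifest("com.example.plainbattery",
                           ["ACCESS_WIFI_STATE", "BLUETOOTH", "VIBRATE"])


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME) for el in root.iter("uses-permission")} - {None}


def triage(manifest_xml):
    """Return enabled behaviours and whether collection + network co-occur."""
    perms = requested_permissions(manifest_xml)
    enabled = [b for b, needed in BEHAVIOURS.items() if perms & needed]
    collects = any(b in enabled for b in COLLECTION)
    # Heuristic only: it flags capability for manual review, not a verdict.
    return {"enabled": enabled,
            "review": collects and (P + "INTERNET") in perms}


if __name__ == "__main__":
    for label, doc in (("fake", FAKE_DOCTOR), ("plain", PLAIN_TOOL)):
        print(label, triage(doc))
```

A battery utility that asks for identifier, account and network permissions together, as in the list above, is the mismatch this check surfaces for review.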

3. How to prevent

To use smartphones safely despite the security threats posed by such malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trusted security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites via smartphone.
5. Try not to open MMS, text, or e-mail messages from unknown senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are in use.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides detection and removal of malicious files such as the one described above through nProtect Mobile for Android, and runs a response system against various security threats.

Diagnosis name

- Trojan-Spy/Android.FakeBatteryDoctor.A
