In the midst of booming malicious applications, a peculiar one which tries to steal e-mail account and password has been found.
This malicious application is disguised as a streaming player.
Furthermore, it induces user to input his ID and password which can be leaked finally.
2. Spreading path and symptoms of infection
This malicious application can spread via various black markets and 3rd party markets and can require various permissions as following.
* Permission explanations
- android:name="android.permission.INTERNET"
- android:name="android.permission.INTERNET"
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.ACCESS_WIFI_STATE"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.WAKE_LOCK"
- android:name="android.permission.INJECT_EVENTS"
- android:name="android.permission.READ_LOGS"
- android:name="android.permission.WRITE_EXTERNAL_STORAGE"
- android:name="android.permission.DUMP"
- android:name="android.permission.GET_TASKS"
- android:name="android.permission.INTERNET"
- android:name="android.permission.INTERNET"
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.ACCESS_WIFI_STATE"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.WAKE_LOCK"
- android:name="android.permission.INJECT_EVENTS"
- android:name="android.permission.READ_LOGS"
- android:name="android.permission.WRITE_EXTERNAL_STORAGE"
- android:name="android.permission.DUMP"
- android:name="android.permission.GET_TASKS"
After the installation, this run icon on following figure will be generated.
Upon executing application, following run screen will appear.
This malicious application can be disguished by its layout.
Left one is Normal and Right one is Malicious version.
Following code shows that this malicious application will leak information to certain URL.
* Destination URL
http://erofolio.[~~].biz/login.php
http://erofolio.[~~].biz/login.php
Difference can be also shown in login procedure.
3. How to prevent
General users can be easily deceived by fake malicious application. This application can induce user to download and use, and leaked information can be used malicious way.
To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.
Smartphone security management tips
1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.
1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Mobile for Android for mobile such as malicious file stated above and runs responding system against various security threats.
Diagnosis name
- Trojan-Spy/Android.FakeNefilix.A
it is really awesome to discover your site on the web as it really those ones who are just starting to explore the topic it outsourcing services
ReplyDeleteThis comment has been removed by the author.
ReplyDelete