INCA Internet's Emergency Response Team's official blog.: [Warning]Android malicious application which steals E-mail account and password has been reported.

1. Introduction

Various Android malicious applications which steal E-mail account and password have been reported in these days.
In the midst of booming malicious applications, a peculiar one which tries to steal e-mail account and password has been found.
This malicious application is disguised as a streaming player.
Furthermore, it induces user to input his ID and password which can be leaked finally.

2. Spreading path and symptoms of infection

This malicious application can spread via various black markets and 3rd party markets and can require various permissions as following.

* Permission explanations
- android:name="android.permission.INTERNET"
- android:name="android.permission.INTERNET"
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.ACCESS_WIFI_STATE"
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.WAKE_LOCK"
- android:name="android.permission.INJECT_EVENTS"
- android:name="android.permission.READ_LOGS"
- android:name="android.permission.WRITE_EXTERNAL_STORAGE"
- android:name="android.permission.DUMP"
- android:name="android.permission.GET_TASKS"

After the installation, this run icon on following figure will be generated.

Upon executing application, following run screen will appear.
This malicious application can be disguished by its layout.
Left one is Normal and Right one is Malicious version.

Following code shows that this malicious application will leak information to certain URL.

* Destination URL

http://erofolio.[~~].biz/login.php

Difference can be also shown in login procedure.

3. How to prevent

General users can be easily deceived by fake malicious application. This application can induce user to download and use, and leaked information can be used malicious way.
To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Mobile for Android for mobile such as malicious file stated above and runs responding system against various security threats.

Diagnosis name

- Trojan-Spy/Android.FakeNefilix.A