Premium SMS services of this kind are operated in overseas countries.
However, other malicious applications targeting victims in various countries have been reported recently, and variants of this SMS-related malicious application are expected to emerge.
With security threats increasing, users need to be careful when downloading applications.
2. Spreading path and symptoms of infection
This malicious application can spread via various black markets and third-party markets, and it can request various permissions, as follows.
The following figure shows the permission request page displayed during installation.
Because this application is packaged as an installation file, it does not need certain permissions, but it does need permission to send SMS.
After installation, the run screen in the following figure is shown.
It tries to download an application named "geared", and clicking the "Next" button starts the download and installation.
* Permission requirement of "Geared"
* Run screen
The "Rules" page shows the terms and conditions, as follows.
The phrase "make payment" appears there, referring to accessing certain content and paying for it by SMS. However, users are unlikely to actually read this page.
One unusual point is that the two applications have different package names.
* Detailed analysis
The malicious function can be seen in the following code.
This malicious function is activated after the application is run and the button is clicked, and the victim does not notice that an SMS is being sent.
An SMS sent by this SMS delivery code is not recorded in the sent box.
In addition, this malicious application runs code that checks the operator of the infected smartphone and sets the language based on the result.
The "Raw" folder contains "countries.cfg", used for setting the language, and "sms.cfg", used for parsing the URL from which the additional game application (geared) is downloaded.
Part of the following code consists of country codes.
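The static traits described above (an installer-style package that asks for SMS sending permission and ships "countries.cfg" and "sms.cfg" in its raw folder) can be checked during triage. The following Python sketch is an added example, not code from the analyzed sample or from INCA Internet; it assumes the manifest has already been decoded to text XML, and the package name, file list and the "few permissions" threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SEND_SMS = "android.permission.SEND_SMS"
RAW_CONFIGS = {"countries.cfg", "sms.cfg"}  # names reported in the article
FEW_PERMISSIONS = 2  # assumed threshold for "asks for little besides SMS"

def requested_permissions(manifest_xml):
    """Permissions declared in a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    return names - {None}

def raw_config_hits(file_names):
    """Reported config file names that are present under res/raw/."""
    hits = set()
    for name in file_names:
        parts = name.replace("\\", "/").lower().split("/")
        if parts[-3:-1] == ["res", "raw"] and parts[-1] in RAW_CONFIGS:
            hits.add(parts[-1])
    return hits

def triage(manifest_xml, file_names):
    """Return a list of findings; an empty list means nothing matched."""
    perms = requested_permissions(manifest_xml)
    findings = []
    if SEND_SMS in perms:
        findings.append("requests SEND_SMS")
        if len(perms) <= FEW_PERMISSIONS:
            findings.append("SEND_SMS with almost no other permissions")
    for name in sorted(raw_config_hits(file_names)):
        findings.append("res/raw/" + name + " present")
    return findings

# Constructed sample input (not taken from the real sample).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.installer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""
SAMPLE_FILES = ["AndroidManifest.xml", "res/layout/main.xml",
                "res/raw/countries.cfg", "res/raw/sms.cfg"]
BENIGN_MANIFEST = SAMPLE_MANIFEST.replace("SEND_SMS", "INTERNET")

if __name__ == "__main__":
    for finding in triage(SAMPLE_MANIFEST, SAMPLE_FILES):
        print("[!]", finding)
```

A match on these traits is a reason to examine the package further, not proof that it is this malware, since legitimate applications also request SMS permission.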
3. How to prevent
SMS-related malicious applications of this kind are a major trend in Android malware.
This malicious application, however, is distinctive in that it uses various social engineering techniques and targets multiple countries. To use smartphones safely in the face of these threats, we recommend that general users follow the "Smartphone security management tips".
* INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of mobile malicious files such as the one described above through nProtect Mobile for Android, and operates a response system against various security threats.