[Information] Android malicious application in Europe

1. Introduction

In case of Android malicious applications, which have been found so far, aimed to Chinese or Russian smartphone users.
However, another type of Android malicious application which targets various countries including Europe has been reported.
Malicious functions are as usual as we reported before. But the target has been changed.

2. Spreading path and symptoms of infection

This malicious application can spread via various black markets and 3rd party markets and can require various permissions as following.

* Permission explanations

- android:name="android.permission.INSTALL_PACKAGES"
- android:name="android.permission.USE_CREDENTIALS"
- android:name="android.permission.INTERNET"
- android:name="android.permission.BLUETOOTH_ADMIN"
- android:name="android.permission.DEVICE_POWER"
- android:name="android.permission.READ_CONTACTS"
- android:name="android.permission.SEND_SMS"
- android:name="android.permission.RECEIVE_SMS"
- android:name="android.permission.ACCESS_GPS"
- android:name="android.permission.ACCESS_LOCATION"

This malicious application shows only 2 permissions as following.
After the installation, this run screen on following figure will be shown.

* Run Icon

* Run Screen

This malicious application shows the message "Android version is not compatible".
But it contains malicious function with its code inside.

* Malfunction

- Set country code and use premium SMS service

This malicious application registers 1 Receiver to manage SMS, and can set high priority.

* Receiver activating condition.

* If checked

- "android.provider.Telephony.SMS_RECEIVED"

Upon executed this malicious application, it will get country code from SIM card.
It contains 8 countries code as following "France, Belgium, Swiss, Luxembourg, Canada, Germany, Spain, and England" and tries to send SMS on premium service number.

* Code on country code

* Code on sending premium SMS after checking country code

After the checking country code process, it will send premium SMS secretly and will be received reply SMS. At this time, registered receiver will check received SMS and will forward to certain number(0646112264) and set black list(0646112264).

Since this process intercepts interaction between victim and premium SMS number, infected user can't recognize this ongoing process.

3. How to prevent

Its malicious function doesn't different against we mentioned before, however, its changing target from China or Russia to European countries is noticeable. To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

* Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.


  1. Some awesome and interesting stuff about unique schools in the world you will find in this blog post. I think that you need to check it out as soon as possible

  2. i was looking for a list of blogs for commenting thanks. Androdumpper Whatsdog Testdpc

  3. we have to protect our android devices thanks for sharing this blog post


  4. Recent malware campaigns in Europe are using similar overlay

    download for android

  5. It’s difficult to get knowledgeable folks on this topic, but the truth is be understood as what happens you’re preaching about! Thanks. Insta stalker is one of the best anonymous Instagram stories viewer. You can use it to stalk stories and users.

  6. having a bitter experience on my own because I've just completely damage my mobile from malicious application and the viruses the 3rd party application which are anonymously developed for getting our files and many thing for our mobile.

  7. Of the sorts of venture which qualify for a home allow, Genuine bequest venture gives conceivably the most excellent liquidity and security whereas also (statistically) being the foremost compelling way to urge endorsement from the Office of Citizenship and Relocation Undertakings - having the most elevated endorsement rate. https://www.immigration-residency.eu/residence-permit-latvia/real-estate/