However, another type of Android malicious application which targets various countries including Europe has been reported.
Malicious functions are as usual as we reported before. But the target has been changed.
2. Spreading path and symptoms of infection
This malicious application can spread via various black markets and 3rd party markets and can require various permissions as following.
This malicious application shows only 2 permissions as following.
After the installation, this run screen on following figure will be shown.
* Run Icon
* Run Screen
This malicious application shows the message "Android version is not compatible".
But it contains malicious function with its code inside.
This malicious application registers 1 Receiver to manage SMS, and can set high priority.
* Receiver activating condition.
Upon executed this malicious application, it will get country code from SIM card.
It contains 8 countries code as following "France, Belgium, Swiss, Luxembourg, Canada, Germany, Spain, and England" and tries to send SMS on premium service number.
* Code on country code
* Code on sending premium SMS after checking country code
After the checking country code process, it will send premium SMS secretly and will be received reply SMS. At this time, registered receiver will check received SMS and will forward to certain number(0646112264) and set black list(0646112264).
Since this process intercepts interaction between victim and premium SMS number, infected user can't recognize this ongoing process.
3. How to prevent
Its malicious function doesn't different against we mentioned before, however, its changing target from China or Russia to European countries is noticeable. To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.