[Warning] Android malicious file on Japanese porn site

1. Information

Few days ago, Android's malicious application's spread through file sharing site was big issue.
Officially, this was the first case of being found. INCA Internet Security Response Center's Emergency Response Team has detected malicious file aiming at Japanese users, so we want to share about that.
This malicious application has same symptom as found before in Korea.

Though, it doesn't have malicious purpose, just collecting information without user's decision can be harmful someday.

[Information] Automatic detection and analysis system of malicious Android application

2. Spreading path and symptoms of infection

In case of this malicious APK file, there hasn't been reported specific damage case on Korea; however, it is just spreading on Japanese porn sites and it is added as a pattern of our Anti-Virus.

Spreading files through

Direct URL link on certain porn site
Disguised as an essential file on distributor's web site

Clicking URL on that site can download APK file.

User can download on Japanese porn site.

This malicious application requires some permissions as following.

Permission explanation

- android:name="android.permission.GET_ACCOUNTS"
- android:name="android.permission.INTERNET"

After installation, following run icon will be created. But it doesn't have its name.

Symptoms of infection

After the installation, executing malicious application will redirect user's page to payment.

Following is the sequence of malicious behaviors.

Malicious behaviors.

- Collects Google Email accounts
- Collects smartphone information including IMEI and contact
- Tries to leak to external site
- hxxp://(~).com/send.php?a_id=[IMEI]&telno=[telephone number]&m_addr=[Google Email account]&usr_id=[NULL]

It accesses porn site with that address and it registers receiver with following code.

We can check the receiver registering procedure. At this time, receiver checks certain service and if a certain service is performing, it tries to leak to external site.

Following capture is a procedure of dynamic debugging. Disclosure of information is forward "- hxxp://(~).com/send.php?a_id=[IMEI]&telno=[telephone number]&m_addr=[Google Email account]&usr_id=[NULL]"

3. How to prevent

In case of this malicious application, it aimed at Russia and China, however; it is spreading all over the world in these days. To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.

Diagnosis name
- Trojan/Android.Jporn.A


  1. Wonderful tips. All of these tips are very helpful. I have taken some of tips from here. Thanks for your great tips. Keep it up... Japanese Porn

  2. Nice blog and this information are good for all we are geeks per hour review also give this type of services: porn movie

  3. Peer-to-peer folder distribution; this software helps users to connect to a peer-to-peer network in order to search for folders in the public network of other users linked to the network.

  4. Hi,
    Thank you for the great information and have shared something useful about androids.(http://www.hifreelancer.com)

  5. Usually TeenSafe application is used by parents who want to track their kid’s phone and tablets, have a look at this link for more info

  6. After reading your post, the malware described by you sounds pretty dangerous as it steals phone's IMEI information.

  7. Do you know that you can visit this blog and get the full info about narrative essay writing? Share this info with your friends.

  8. Additionally, they will outline the qualities of Pay for Term Papers, and the advantages of hiring outstanding How to Write a Nursing Research Paper, as well as the qualities to consider when selecting this company for Legit Essay Writing Service.

  9. Wales publications are well-known publishing solution providers in various disciplines in the UK, Wales Publications serving to scientific organizations worldwide. Contact us for further information and know our best services and deals to achieve your goal.The fast submission process includes rapid publication research in UK that includes unique rapid process, inhouse peer review and 100% acceptance guarantee.