12345

6/08/2012

[Warning] Spreading malicious files via fake Google play market

1. Information

INCA Internet response team detected malicious APK files are spreading from certain fake Google play site. Not only for this case, had we reported various cases including shortened URL service on SNS and famous streaming video-sharing website. With the increasing number of Android user, security threats are growing at the same time. Therefore, users should notice about malicious files for Android users.



2. Spreading cases and symptom of infection

[Information] Continuous threats of Android malicious files
http://en-erteam.nprotect.com/2012/04/information-countinuous-threats-of.html


[Issue] Zombie phone on calling for Korean user?
http://en-erteam.nprotect.com/2012/04/issue-zombie-phone-on-calling-for.html

Official address of Google play is https://play.google.com. Language of that site goes with browser's language.


Fake Google play site shows Russian language.


This site shows about 50 famous Android applications for download.
Besides, each app shows installation procedure and tries to be installed with disguising as a normal app.
This site contains several famous Anti-Virus apps.


When user chooses certain area, APK file will be downloading and installed with additional command. All of these apps are malicious APK files and coded same technique including "classes.dex". Only different thing of these files is its icon.




Following phase will be shown on installation.





These malicious files can be detected on our nProtect Mobile for Android.


Not only for this web site, various fake web sites were found.


INCA Internet has detected various Android malicious files on overseas.

Following set of capture images means various abnormal markets are on working.


3. Summary

With the growth of Android users, the number of malicious attackers is also increasing.
There hasn't been actual statistic report or real damage case so far, though; users need to be careful from these security threats. . To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function “ON”
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.

1 comment:

  1. Nice blog, its great article informative post, thanks for sharing it. Thanks for the information!

    ReplyDelete