The INCA Internet response team detected a malicious application on an unofficial Chinese Android market that collects smartphone information and tries to leak it. The application is presented as an information-collecting tool for smartphones; however, it collects various information and tries to leak it when the device is rooted. If the application obtains root permission, it can connect to a certain external server and perform various malicious behaviors. Users therefore need to be careful when using their smartphones.
2. Spreading path and symptom of infection
This malicious file can be spread via unofficial Chinese Android markets.
This app has not appeared in Korea so far, but it can be installed on Android smartphones.
This malicious application requires the following permissions.
This malicious application registers one receiver and one service. It can perform the following malicious behaviors.
Furthermore, it collects smartphone device information with the following code.
The collected smartphone device information can be shown to the user as image files.
In addition, the collected information can be leaked to a certain external site with the following code.
The following figures show the collected information and the external site.
Malicious behavior of audio.service.apk (additionally downloaded malicious file)
This additional malicious application works similarly to the previous malicious application.
However, the additionally installed malicious application collects slightly different information.
3. How to prevent
A malicious application that runs after obtaining root permission can modify the device. It can therefore download additional malicious applications or send premium SMS messages. To use smartphones safely against the security threats posed by such malicious applications, we recommend the following "Smartphone security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides a diagnosis and treatment function in “nProtect Mobile for Android” for mobile malicious files such as the one described above, and runs a response system against various security threats.