INCA Internet response team detected malicious application which collects smartphone information and tries to leak collected information on Chinese unofficial Android market. This malicious application is introduced as a collecting tool on smartphone; however, it collects various information and tries to leak collected information in the case of being routed. If this application gets root permission, it can connect on certain extenal server and can perform various malicious behaviors. Therefore, users need to be careful on using smartphone.
2. Spreading path and symptom of infection
This malicious file can be spread via Chinese unofficial Android markets.
Of course, this app hasn't appear in Korea so far. But this app can be installed in Android smartphone.
This malicious application requires following permissions
Requiring permissions
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.INSTALL_PACKAGES"
- android:name="android.permission.DELETE_PACKAGES"
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.ACCESS_COARSE_LOCATION"
- android:name="android.permission.INTERNET"
- android:name="android.permission.ACCESS_FINE_LOCATION"
Malicious behaviors
- Require root permission on rooted smartphone
- Install additional malicious application
- Collect smartphone device information and try to leak
This malicious application registers one receiver and one service. It can work following malicious behaviors.
Malicious behaviors of receiver and service
::Receiver(PR.class)
- It monitors installation status of malicious application(audio.service.apk) with broadcase receiver.
- It starts this application after installed additional malicious application
::Service(IS.class)
- It checks rooting status.
- It requires root permission if routed.
::Receiver(PR.class)
- It monitors installation status of malicious application(audio.service.apk) with broadcase receiver.
- It starts this application after installed additional malicious application
::Service(IS.class)
- It checks rooting status.
- It requires root permission if routed.
Furthermore, it will collects smartphone device information with following code.
Collected smartphone device information can be shown on user with image files.
Besides, collected information can be leaked on certain external site with following code.
Following figures are the collected information and external site.
Collected and being leaked smartphone device information
- IMEI
- IMSI
- GPS info(CELL type)
- SIM status(Communication available statue)
- Network provider info
- Roaming status
External site URL
- http://svr.[~~].com/Notice/
Malicious behavior of audio.service.apk(Additionally downloaded malicious file)
This additional malicious application also works similar as previous malicious application.
Malicious behaviors of audio.service.apk
- Check rooting status
- Collect smartphone device info and leak to external site
But, additionally installed malicious application collects little different information.
Collected smartphone device info
- IMEI
- IMSI
- GPS info(CELL type)
- Smartphone model info
- SDK info
- Version info(2.01)
- Network status info(3G, LTE, WIFI)
URL of external site
- http://svr.(~~~).com/Foreuner/
3. How to prevent
Working malicious application after get route permission can modify device. Therefore, it can cause downloading additional malicious application or send premium SMS. To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.
Smartphone security
management tips
1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function.
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.
1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function.
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.
Diagnosis name
- Backdoor/Android.Xsider.A
- Backdoor/Android.Xsider.B
Really nice app.Thanks a lot for your sharing.I would like to share little bit.The Google Play store is additionally home to many antivirus apps that can offer an additional layer of insurance. Discovering the right one, be that as it may, can at times be troublesome. A straightforward "antivirus" seek in the store yields more than 250 results. So which one would it be advisable for you to pick?
ReplyDeleteOrganizations like Avast, AVG, Bitdefender, Kaspersky, Sophos, Symantec (Norton), and Trendmicro have long and built histories as the absolute most trusted brands in the business.
~Anderson.
If you are tech geek and wish to explore even more articles on security issues, get this iphone spy that would show you that your security is nothing these days.
ReplyDeleteEven antivirus sometime won't detect these malicious apps because of the backdoors the hackers know which they are exploiting to bypass these detections. Users can't even trust apps in official app stores.
ReplyDeleteEven antivirus sometime won't detect these malicious apps because of the backdoors the hackers know which they are exploiting to bypass these detections. Users can't even trust apps in official app stores. Thanks for share thsi mamazing post with us ,....
ReplyDeleteThanks For Sharing this Wonderfull article really appreciating this post keep sharing
ReplyDeleteTutuapp for Android Awesome post
I appreciate it!. I really like it when people get together and share ideas. Great website, continue the good work!. Either way, great web and I look forward to seeing it grow over time. Thank you so much.
ReplyDeletesuper smash flash 2
bloons tower defense 5
ReplyDeletegarageband for pc
GarageBand For Windows: GarageBand is a digital audio workstation for Apple users to create music or podcasts. And this software was developed by Apple Inc.
If you were assigned with writing a synthesis essay and you don't know where to start, this guide might just help you.
ReplyDeleteVery Interesting and wonderfull information keep sharing
ReplyDeleteapps like tutuapp
This is very great and brilliant information.
ReplyDeleteHello everyone, was interesting to read your article. Usually i'm reading New York Times , but now i will read you too!
ReplyDeleteI think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. TutuApp Free Apk
ReplyDeleteare bed bug bites dangerous to your health
ReplyDeleteRemedies to Get Rid of Bed Bugs
KineMaster for ios
ReplyDeleteFree fire ios
KineMaster
garena Free fire
iddaa'da yer alan yüksek oranlı maçlar için tıklayın.
ReplyDeleteThanks for the information you shared, I will immediately apply to check camouflage smartphone information
ReplyDeleteThank you for sharing …. very useful information.
ReplyDeletei will share this amazing website where you will find films streaming www.streamcomplet.band
افضل شركة تخزين اثاث بالرياض http://tiny.cc/3kph5y لكى تتم عمليه التخزين بالشكل المرغوب فيه لابد من اتباع مجموعه من الطرق والخطوات من أبرزها :
ReplyDelete1-الاعتماد على مجموعه من المستودعات الكبيرة التى تكفى لعدد هائل من العملاء ؛فالمستودعات مكان شاسع لديه عدد كبير من الحجرات والأدوار التى تكفى للكثير من أجزاء العفش أو الاثاث بمختلف أشكاله ؛سواء الاثاث المنزلى أو الفندقى أو غيرها من أشكال الاثاث الأخرى .
2-العمل على تركيب مجموعه من أجهزة الانذار أو التنبيه التى تنذر بوجود أى مشكلات داخل المستودعات .
3-العمل على تركيب مجموعه من البوابات المحكمة التى تساعد على حمايه المخازن من التعرض للسرقات أو الحرائق.
4-العنايه بأعمال تنظيف المخازن والمستودعات من التعرض للشوائب والأدخنة والتلفيات الخطيرة .
5-القيام بأعمال رش الحشرات اعتمادا على مجموعه من المبيدات وأدوات الرش الحديثة للتخلص من كافه أشكال الحشرات من نمل وبق وصراصير وعته وغيرها من أشكال الحشرات الخطيرة الأخرى التى تتسبب فى تأكل وتلف الاثاث وأشكال المجالس بمختلف أشكالها.
5-أعمال تنظيف العفش
تتمكن شركة تنظيف شقق بالرياض من القيام بأعمال تنظيف العفش بجميع أشكاله والحصول على أفضل النتائج المميزة ؛فالشركة تعتمد على أفضل المنظفات الحديثة وأفضل المساحيق القوية وأجهزة البخار التى تساعد على اتمام أعمال تنظيف الاثاث والتخلص من البقع الداكنة التى تحتاج الى أعمال تفتيت سريعه .
1-أعمال تنظيف المجالس
تتمكن الشركة من القيام بأعمال تنظيف الانتريهات أو الكنب وغيرها من أشكال المجالس الأخرى ؛تلك المجالس تتعرض للشوائب والعوالق والأحبار ؛لذلك يتم الاعتماد على مجموعه من الأجهزة وخاصه أجهزة البخار التى تتمكن من تفتيت الدهون والرواسب بمختلف أشكالها .
2-أعمال تنظيف الكنب
تعتبر الكنب من أهم أشكال المجالس التى يتم الاعتماد عليها من أجل الراحة والحصول على قدر مميز من الراحة ؛لذلك فهى تحتاج الى أعمال تنظيف متكررة ويتم الاعتماد على المساحيق والمنظفات الحديثة وأفضل المعطرات التى تساعد على تنظيف الكنب من أى شوائب .
فقط نحن أفضل شركة تخزين عفش بالرياض أفضل شركة سعودية تتمكن من نقل العفش بأفضل الطرق الصحيحة والمميزة ؛فقط نحن الأفضل لا تدع الفرصه تفوتك ؛فنحن شركة لديها مكانة مميزة من بين الشركات الاخرى ؛فقط اتصل بأرقامنا .… اقرأ المزيد
المصدر: شركة تخزين اثاث بالرياض