INCA Internet response team detected malicious application which collects smartphone information and tries to leak collected information on Chinese unofficial Android market. This malicious application is introduced as a collecting tool on smartphone; however, it collects various information and tries to leak collected information in the case of being routed. If this application gets root permission, it can connect on certain extenal server and can perform various malicious behaviors. Therefore, users need to be careful on using smartphone.
2. Spreading path and symptom of infection
This malicious file can be spread via Chinese unofficial Android markets.
Of course, this app hasn't appear in Korea so far. But this app can be installed in Android smartphone.
This malicious application requires following permissions
Requiring permissions
- android:name="android.permission.READ_PHONE_STATE"
- android:name="android.permission.INSTALL_PACKAGES"
- android:name="android.permission.DELETE_PACKAGES"
- android:name="android.permission.ACCESS_NETWORK_STATE"
- android:name="android.permission.ACCESS_COARSE_LOCATION"
- android:name="android.permission.INTERNET"
- android:name="android.permission.ACCESS_FINE_LOCATION"
Malicious behaviors
- Require root permission on rooted smartphone
- Install additional malicious application
- Collect smartphone device information and try to leak
This malicious application registers one receiver and one service. It can work following malicious behaviors.
Malicious behaviors of receiver and service
::Receiver(PR.class)
- It monitors installation status of malicious application(audio.service.apk) with broadcase receiver.
- It starts this application after installed additional malicious application
::Service(IS.class)
- It checks rooting status.
- It requires root permission if routed.
::Receiver(PR.class)
- It monitors installation status of malicious application(audio.service.apk) with broadcase receiver.
- It starts this application after installed additional malicious application
::Service(IS.class)
- It checks rooting status.
- It requires root permission if routed.
Furthermore, it will collects smartphone device information with following code.
Collected smartphone device information can be shown on user with image files.
Besides, collected information can be leaked on certain external site with following code.
Following figures are the collected information and external site.
Collected and being leaked smartphone device information
- IMEI
- IMSI
- GPS info(CELL type)
- SIM status(Communication available statue)
- Network provider info
- Roaming status
External site URL
- http://svr.[~~].com/Notice/
Malicious behavior of audio.service.apk(Additionally downloaded malicious file)
This additional malicious application also works similar as previous malicious application.
Malicious behaviors of audio.service.apk
- Check rooting status
- Collect smartphone device info and leak to external site
But, additionally installed malicious application collects little different information.
Collected smartphone device info
- IMEI
- IMSI
- GPS info(CELL type)
- Smartphone model info
- SDK info
- Version info(2.01)
- Network status info(3G, LTE, WIFI)
URL of external site
- http://svr.(~~~).com/Foreuner/
3. How to prevent
Working malicious application after get route permission can modify device. Therefore, it can cause downloading additional malicious application or send premium SMS. To use smartphone safely from security threats of these malicious applications, we recommend following tips "Smartphone security management tips" for general users.
Smartphone security
management tips
1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function.
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.
1. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function.
2. Download the proven application by multiple users at all times.
3. Use mobile anti-virus SW to check downloaded application before using it.
4. Do not visit suspicious or unknown site via smartphone.
5. Try not to see MMS, text, e-mail from uncertain user.
6. Set strong password on smartphone always.
7. Turn the wireless interfaces like Bluetooth only be used.
8. Do not save important information on phone.
9. Do not try illegal customizing like rooting or jailbreak.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with “nProtect Mobile for Android” for mobile such as malicious file stated above and runs responding system against various security threats.
Diagnosis name
- Backdoor/Android.Xsider.A
- Backdoor/Android.Xsider.B
Really nice app.Thanks a lot for your sharing.I would like to share little bit.The Google Play store is additionally home to many antivirus apps that can offer an additional layer of insurance. Discovering the right one, be that as it may, can at times be troublesome. A straightforward "antivirus" seek in the store yields more than 250 results. So which one would it be advisable for you to pick?
ReplyDeleteOrganizations like Avast, AVG, Bitdefender, Kaspersky, Sophos, Symantec (Norton), and Trendmicro have long and built histories as the absolute most trusted brands in the business.
~Anderson.
If you are tech geek and wish to explore even more articles on security issues, get this iphone spy that would show you that your security is nothing these days.
ReplyDeleteEven antivirus sometime won't detect these malicious apps because of the backdoors the hackers know which they are exploiting to bypass these detections. Users can't even trust apps in official app stores.
ReplyDeleteEven antivirus sometime won't detect these malicious apps because of the backdoors the hackers know which they are exploiting to bypass these detections. Users can't even trust apps in official app stores. Thanks for share thsi mamazing post with us ,....
ReplyDeleteThanks For Sharing this Wonderfull article really appreciating this post keep sharing
ReplyDeleteTutuapp for Android Awesome post
I appreciate it!. I really like it when people get together and share ideas. Great website, continue the good work!. Either way, great web and I look forward to seeing it grow over time. Thank you so much.
ReplyDeletesuper smash flash 2
bloons tower defense 5
ReplyDeletegarageband for pc
GarageBand For Windows: GarageBand is a digital audio workstation for Apple users to create music or podcasts. And this software was developed by Apple Inc.
If you were assigned with writing a synthesis essay and you don't know where to start, this guide might just help you.
ReplyDeleteVery Interesting and wonderfull information keep sharing
ReplyDeleteapps like tutuapp
This is very great and brilliant information.
ReplyDeleteHello everyone, was interesting to read your article. Usually i'm reading New York Times , but now i will read you too!
ReplyDeleteI think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. TutuApp Free Apk
ReplyDeleteare bed bug bites dangerous to your health
ReplyDeleteRemedies to Get Rid of Bed Bugs
KineMaster for ios
ReplyDeleteFree fire ios
KineMaster
garena Free fire
iddaa'da yer alan yüksek oranlı maçlar için tıklayın.
ReplyDeleteThanks for the information you shared, I will immediately apply to check camouflage smartphone information
ReplyDeleteThank you for sharing …. very useful information.
ReplyDeletei will share this amazing website where you will find films streaming www.streamcomplet.band
افضل شركة تخزين اثاث بالرياض http://tiny.cc/3kph5y لكى تتم عمليه التخزين بالشكل المرغوب فيه لابد من اتباع مجموعه من الطرق والخطوات من أبرزها :
ReplyDelete1-الاعتماد على مجموعه من المستودعات الكبيرة التى تكفى لعدد هائل من العملاء ؛فالمستودعات مكان شاسع لديه عدد كبير من الحجرات والأدوار التى تكفى للكثير من أجزاء العفش أو الاثاث بمختلف أشكاله ؛سواء الاثاث المنزلى أو الفندقى أو غيرها من أشكال الاثاث الأخرى .
2-العمل على تركيب مجموعه من أجهزة الانذار أو التنبيه التى تنذر بوجود أى مشكلات داخل المستودعات .
3-العمل على تركيب مجموعه من البوابات المحكمة التى تساعد على حمايه المخازن من التعرض للسرقات أو الحرائق.
4-العنايه بأعمال تنظيف المخازن والمستودعات من التعرض للشوائب والأدخنة والتلفيات الخطيرة .
5-القيام بأعمال رش الحشرات اعتمادا على مجموعه من المبيدات وأدوات الرش الحديثة للتخلص من كافه أشكال الحشرات من نمل وبق وصراصير وعته وغيرها من أشكال الحشرات الخطيرة الأخرى التى تتسبب فى تأكل وتلف الاثاث وأشكال المجالس بمختلف أشكالها.
5-أعمال تنظيف العفش
تتمكن شركة تنظيف شقق بالرياض من القيام بأعمال تنظيف العفش بجميع أشكاله والحصول على أفضل النتائج المميزة ؛فالشركة تعتمد على أفضل المنظفات الحديثة وأفضل المساحيق القوية وأجهزة البخار التى تساعد على اتمام أعمال تنظيف الاثاث والتخلص من البقع الداكنة التى تحتاج الى أعمال تفتيت سريعه .
1-أعمال تنظيف المجالس
تتمكن الشركة من القيام بأعمال تنظيف الانتريهات أو الكنب وغيرها من أشكال المجالس الأخرى ؛تلك المجالس تتعرض للشوائب والعوالق والأحبار ؛لذلك يتم الاعتماد على مجموعه من الأجهزة وخاصه أجهزة البخار التى تتمكن من تفتيت الدهون والرواسب بمختلف أشكالها .
2-أعمال تنظيف الكنب
تعتبر الكنب من أهم أشكال المجالس التى يتم الاعتماد عليها من أجل الراحة والحصول على قدر مميز من الراحة ؛لذلك فهى تحتاج الى أعمال تنظيف متكررة ويتم الاعتماد على المساحيق والمنظفات الحديثة وأفضل المعطرات التى تساعد على تنظيف الكنب من أى شوائب .
فقط نحن أفضل شركة تخزين عفش بالرياض أفضل شركة سعودية تتمكن من نقل العفش بأفضل الطرق الصحيحة والمميزة ؛فقط نحن الأفضل لا تدع الفرصه تفوتك ؛فنحن شركة لديها مكانة مميزة من بين الشركات الاخرى ؛فقط اتصل بأرقامنا .… اقرأ المزيد
المصدر: شركة تخزين اثاث بالرياض
https://filmetriks.com/
ReplyDeletetiktok apk
happychick apk
happymod apk
You just share the main information that really needed thanks to keep writing good work.
ReplyDeleteStream Complet
Ecommerce Web Development Dubai
ReplyDeleteMoney spent on hiring Research Papers on Nursing is a pale shadow of the amount you could have otherwise spent on Cheap Dissertation Writing on your own.
ReplyDeleteGreat work for web design and web development reach Dow group a leading web design company in Dubai helps your business to boost well and increase you brand awareness a lot.
ReplyDeleteAre you looking to hire the best Custom College Papers Writing Services? It is helpful to note that the content of Legitimate Custom College Paper are unique and non-plagiarized and each Custom College Paper should be verified meticulously by editors before it can be sent to you.
ReplyDeleteGreat web site you have got here.. It’s hard to find quality writing like yours these days. I really appreciate individuals like you! Take care!!
ReplyDeleteSteam Missing File Privileges
Digital TV Tuner Device Registration Application
I appreciate this work amazing post for us. I like it Film Streaming
ReplyDeleteAcquiring Custom College Essay Writing Services from a Legitimate Custom Essay Writing Company is the best since you are guaranteed high quality Custom Essay Writing Services.
ReplyDelete
ReplyDeleteTutu Helper is the one of the best ios,android App store to get the tons of free app and game. Here the latest version of TutuApp of free.
Tutu Helper Apk
Tutu App
TutuApp Apk iOS
ReplyDeleteنقل عفش داخل جدة نقل عفش داخل جدة
دينا نقل عفش جدة دينا نقل عفش جدة
افضل نقل عفش من جدة الى الرياض افضل نقل عفش من جدة الى الرياض
نقل عفش من جدة الى دبي نقل عفش من جدة الى دبي
Students from different regions of the world rely on our Assignment because we are providing the most protected cost assignments of communication, confidentiality, and education. Biology Dissertation Writing Services
ReplyDeleteLargest students avoid the building essay get your essay written by an Essay Writing Services with 15% off! Full confidentiality. Blank fraud. Affordable pricing from our expert. Essay Writing Services
ReplyDeleteRequire to Help with Finance assignment allassignmenthelp.com confined to providing 100% safe & fast finance assignment writing help to Australian followers. Help with Finance assignment
ReplyDeleteYour feedback helps me a lot, A very meaningful event, I hope everything will go well
ReplyDeleteHope you will keep on offering good content like this more often. I feel more and more people should know about this. Also, I agree on most of the points you have made.
ReplyDeleteManagement Assignment Help
Your website is so cool. I'm impressed by the details that you have on this web site.
ReplyDeleteProgramming homework
Do you require the translate legal documents for complete the Singapore court and ICA needs then you must visit singaporetranslators.com .Here,we deliver well precise effective translation at very reasonable price.
ReplyDeleteEverything is perfect with this work. The writer has managed to keep the article interesting while discussing some really serious points. This is not easily done. All the best.
ReplyDeleteBuy Kurta Pajama Online
sikh accessories
Buy Kirpan Online
Khalsa
Buy Turbans Online - Sikh Pagri for Men in India
Buy Parna Online
turbans for sale
Buy Kachera Online
Buy Parna Online
Rumala Sahib
Buy Punjabi Jutti Online
Patkas
Turban Pins
Chandoa Sahib
Buy Brass Utensils Onlin
Kaintha
Buy Kanga Online
Car Hangings
Chadra
Buy Chola Online
1984
turbans
turban
kirpan
Designer Sikh Kirpans in Indiab
Punjabikurtaforsale
StoreWorld's largest Online shopping store for Punjabi and Sikh Accessories
khalsa kirpan
Additional malicious application is located in malicious file with encrypted which can be installed after decrypted with following code.
ReplyDeleteare helping them for boosting the evaluations as well as they are showing them for genuine learning.
ReplyDeletemba essay help onlinePay someone to do your homework