2. Spreading path and symptoms of infection
This malicious application spreads in 2 ways.
Source: http://www.symantec.com/connect/blogs/loozfon-malware-targets-female-android-users
One is spam e-mail that tries to induce the user to click a link in the message. The other induces the user to click a link for meeting a man. Both lead to downloading and installing the malicious application.
This malicious application requires the following permissions.
The following image shows all the permissions in "AndroidManifest.xml".
Whether this malicious application is installed can be checked under "Settings" > "Applications" > "Manage applications".
This malicious application doesn't register a specific receiver or service, but it counts from 1 to 0 as follows.
This counting is implemented as a loop. It collects personal and device information and tries to leak it to a certain web site.
The following code shows the collection of information and the leaking of the collected information to a certain web site.
Details of the code that leaks the information
The red box shows the IMEI being collected by referring to another class.
The green box shows the smartphone's phone number being collected.
The blue box distinguishes between Android version 1.6 or lower and Android version 1.6 or higher. There was a big change in the API for collecting contacts, and this malicious application can collect contacts with both.
The following code shows the case where the Android version is 1.6 or higher.
From this code, we can see that it collects names, phone numbers, and mail addresses.
We assume this malicious application is intended for sending spam mail and collecting various information (contacts, IMEI, and personal information).
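As an added example (not code from the original post or from the application itself), the following Python script checks a decoded, plain-text AndroidManifest.xml for the combination this analysis describes: permission to read device identifiers or contacts, permission to reach the network, and no registered receiver or service. The permission names are the standard Android ones and are an assumption here, because the post's permission list is not reproduced in the text; the function name `triage_manifest` and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Standard Android permissions that the behaviour described above depends on (assumed).
READS = {
    "android.permission.READ_PHONE_STATE": "IMEI and phone number",
    "android.permission.READ_CONTACTS": "contact names, numbers, e-mail addresses",
}
SENDS = "android.permission.INTERNET"

def triage_manifest(manifest_xml):
    """Summarise a decoded (plain-text) AndroidManifest.xml for data-leak capability."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    app = root.find("application")
    background = 0
    if app is not None:
        background = len(app.findall("service")) + len(app.findall("receiver"))
    readable = sorted(what for perm, what in READS.items() if perm in requested)
    return {
        "package": root.get("package"),
        "readable": readable,
        # Can read sensitive data AND reach the network: the combination that matters.
        "exfil_capable": bool(readable) and SENDS in requested,
        # No service/receiver: collection runs from the activity itself, so rules
        # keyed on background components would not fire.
        "activity_only": background == 0,
    }

# Constructed sample manifests (not taken from the real application).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application><activity android:name=".Main"/></application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".Main"/><service android:name=".Sync"/></application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A manifest that is both `exfil_capable` and `activity_only` is a prompt for manual review of the application's code, not a verdict on its own.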
3. How to prevent
There are many reports of malicious applications built for financial purposes. This malicious application can easily collect and leak information. To use a smartphone safely in the face of security threats from such malicious applications, we recommend that general users follow the "Smartphone security management tips".
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment of mobile threats such as the malicious file described above with “nProtect Mobile for Android”, and operates a response system against various security threats.