
9/12/2012

[Information] Android malicious application for Japanese women

1. Introduction

A malicious Android application that targets Japanese women has been reported. Malicious applications usually target men; this is the first one found that targets women. In addition, if this malicious application is installed in a Korean environment, personal information can be leaked. Users therefore need to be careful when downloading and using applications.



2. Spreading path and Symptom of infection

This malicious application has 2 spreading methods.

Source : http://www.symantec.com/connect/blogs/loozfon-malware-targets-female-android-users

One is a spam e-mail that tries to induce the user to click a link in the mail. The other induces the user to click a link for meeting men. Both lead to downloading and installing the malicious application.

Analysis info

Malicious behavior

- Tries to collect and leak IMEI info
- Collects contact info (name, telephone number, e-mail address)
- Accesses a certain web site [http://58.(~~).(~~).229//(~~)/addressBookRegist] (External URL)

This malicious application requires the following permissions.

The following image shows all permissions in "AndroidManifest.xml".

Whether this malicious application is installed can be checked under "Settings" > "Applications" > "Manage applications".




This malicious application doesn't register any particular receiver or service, but it counts from 1 to 0 as follows.

This counting is implemented as a repeating loop. It collects personal and device information and tries to leak it to a certain web site.
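The two manifest traits described above (permissions that allow reading device identifiers and contacts together with network access, and no registered receiver or service) can be checked mechanically when triaging an APK. The following Python script is an added example, not code from the original analysis; the permission names are inferred from the listed behaviours rather than copied from the sample's manifest, and the sample manifest and its package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: permissions an app would need for the behaviours listed in the
# analysis (IMEI/phone number, contacts, upload). Not copied from the sample.
CAPABILITIES = {
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI, phone number)",
    "android.permission.READ_CONTACTS": "address book (name, number, e-mail)",
    "android.permission.INTERNET": "network upload",
}

# Constructed sample manifest in decoded text form; package name is hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Sample">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Summarise data-access permissions and declared components of a manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    components = {tag: len(list(root.iter(tag)))
                  for tag in ("activity", "service", "receiver")}
    matched = sorted(p for p in CAPABILITIES if p in requested)
    can_read = any(p != "android.permission.INTERNET" for p in matched)
    can_send = "android.permission.INTERNET" in requested
    return {
        "package": root.get("package"),
        "capabilities": [CAPABILITIES[p] for p in matched],
        # Reads personal data AND can send it off the device.
        "read_and_upload": can_read and can_send,
        # No service or receiver: all work happens while an activity is running.
        "activity_only": components["service"] == 0 and components["receiver"] == 0,
        "components": components,
    }


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text first (for example with apktool) before a parser like this can read it.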



The following code shows the collection of information and the leaking of the collected information to a certain web site.



Details of the code that leaks information

The red box shows the IMEI being collected by referring to another class.

The green box shows the smartphone's phone number being collected.

The blue box distinguishes between Android version 1.6 or lower and Android version 1.6 or higher. There was a big change in the API for collecting contacts. This malicious application can collect contacts on both.

The following code shows the case where the Android version is 1.6 or higher.

From this code, we can see that it collects names, phone numbers, and e-mail addresses.

We assume this malicious application is meant for sending spam mail and collecting various information (contacts, IMEI, and personal information).

3. How to prevent

There are many reports of malicious applications built for financial gain. This malicious application can easily collect and leak information. To use a smartphone safely against the security threats posed by such malicious applications, we recommend that general users follow the "Smartphone security management tips" below.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites on a smartphone.
5. Try not to open MMS, text, or e-mail messages from unknown senders.
6. Always set a strong password on the smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customization such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for mobile malicious files such as the one described above through “nProtect Mobile for Android”, and runs a response system against various security threats.

Diagnosis name

- Trojan-Spy/Android.Loozfon.A
- Trojan-Spy/Android.Loozfon.B


6 comments:

  1. Hi there. Wow, this is a superb posting. But why only for Japanese women? This should be for every woman worldwide. Thanks for sharing it.
