9/04/2012

[Information] Chinese malicious application called SMS Zombie

1. Introduction

Malicious applications called SMS Zombie have recently been found. With the boom in malicious applications for smartphones, it is rumored that more than 500 thousand smartphones have been infected by the malicious application. This malicious app targets Chinese Android smartphone users and has not harmed Korean users so far. What is noteworthy, however, is that malicious applications built for monetary exploitation have started to spread in overseas countries.



2. Spreading path and symptom of infection

This malicious application has been spreading through unofficial Chinese markets, as follows.


This malicious application sends SMS messages without permission, collects information, and tries to install an additional malicious application.

The installation screen is as follows.


It shows no permissions at installation, and the "Open" button is deactivated. This means that the malicious application is coded as a wallpaper type, and the additional permissions for its various functions are not declared in the manifest but handled through a dynamic registration process. The "Open" button is deactivated because the application runs as a service.

The following image shows part of the permissions in AndroidManifest.xml.


Dropper-type host malicious application

Because this application registers nothing but a wallpaper service, the user has to click the following wallpaper to activate the program.


When the wallpaper is executed, an AlertDialog for installing an additional application is shown.


The left button confirms and the right button cancels. If the user clicks the confirm button, the application tries to install additional files from the malicious file.


As you can see, this file looks like an image file; however, it is an APK file. Clicking the "Confirm" button installs the additional malicious application.

Analysis of the additional malicious file that performs the actual malicious behavior

The following figure is the run screen of the additional malicious file.


This also runs as a service, so the "Open" button is deactivated. The following figure shows part of AndroidManifest.xml, where we can see the code requesting permissions.


After installation, we can see that this malicious application has been loaded as a service.


In addition, it shows a device administrator activation screen to obtain permission, as follows.


As shown, there are 2 buttons, "Activate" and "Cancel"; however, only the "Activate" button works. Clicking "Cancel" shows the Activate device administrator window.


In the end, this malicious application obtains the permission by inducing the user to click the "Activate" button. It then gets various permissions, including application removal.

※ Obtaining device administrator permission

Malicious applications usually try to obtain administrator permission in order to control their own removal. Once that permission has been granted, the general uninstall procedure won't work.


※ How to remove

Applications of this kind exist in both malicious and normal forms. To remove one, the following procedure is needed.

"Settings" - "Location and security" - "Device administrators"


Click the application and choose "deactivate". Clicking "deactivate" may seem to do nothing. Then hold the home button - "task manager" - "exit all running program" - remove "this application" on the program tab.

After installation, it creates "phone.xml" in a certain path.


"phone.xml" contains certain keywords, written by the following code and encoded in Simplified Chinese.


The following figure shows the actual contents of phone.xml, which are used to snatch bank account information and mobile transaction history (by monitoring SMS).


Then this malicious application secretly sends the collected information by SMS to a certain number (13093632006).


※ Details of the SMS message sent

- 1.5V:Model(Model info:sdk);os(OS version info);Language(Using language);NET(Network usage info:3G/wifi)

If wifi cannot be used, it sends an SMS containing the following message.


Apart from this case, this malicious application checks the rooting status of the infected smartphone and sends an SMS.


This application monitors SMS. AndroidManifest.xml contains no code for obtaining the permission, but the application's internal code contains a dynamically registered SMS monitoring receiver.


It seems this is done because various security solutions may detect an SMS monitoring receiver declared in AndroidManifest.xml.
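
Two tricks described on this page, an APK shipped under an image file name and an SMS receiver registered in code rather than in AndroidManifest.xml, can both be checked statically; the following triage example is added here and is not code from the original post or from INCA Internet. The function names, the `assets/preview.jpg` path and the sample bytes are constructed assumptions, and the string match is a heuristic that obfuscated strings would defeat.

```python
import io
import zipfile

SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
MAX_ENTRY = 64 * 1024 * 1024  # skip oversized entries (zip-bomb guard)

def has_text(blob, text):
    # Binary manifests store strings as UTF-8 or UTF-16LE; DEX uses ASCII-compatible MUTF-8.
    return text.encode() in blob or text.encode("utf-16-le") in blob

def is_apk(blob):
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            return "AndroidManifest.xml" in z.namelist()
    except zipfile.BadZipFile:
        return False

def triage_apk(data, name, depth=0):
    """Return (location, finding) pairs for an APK and any APKs nested in it."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        entries = {i.filename: apk.read(i) for i in apk.infolist()
                   if i.file_size <= MAX_ENTRY}
    findings = []
    manifest = entries.get("AndroidManifest.xml", b"")
    dex = b"".join(v for k, v in entries.items() if k.endswith(".dex"))
    if has_text(dex, SMS_ACTION) and not has_text(manifest, SMS_ACTION):
        findings.append((name, "sms-receiver-not-in-manifest"))
    for entry, blob in entries.items():
        if is_apk(blob):
            inner = f"{name}!{entry}"
            if not entry.lower().endswith(".apk"):
                findings.append((inner, "apk-disguised-by-extension"))
            if depth < 3:  # droppers can nest; bound the recursion
                findings += triage_apk(blob, inner, depth + 1)
    return findings

def build_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, content in files.items():
            z.writestr(path, content)
    return buf.getvalue()

# Constructed sample, not the real malware: assets/preview.jpg is really an APK.
PAYLOAD = build_zip({"AndroidManifest.xml": b"constructed manifest, no receiver",
                     "classes.dex": b"dex\n035\x00" + SMS_ACTION.encode()})
HOST = build_zip({"AndroidManifest.xml": b"constructed wallpaper-only manifest",
                  "classes.dex": b"dex\n035\x00", "assets/preview.jpg": PAYLOAD})
print(triage_apk(HOST, "host.apk"))
```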

The registered SMS receiver monitors all SMS messages, which are parsed and compared with the keywords in "phone.xml". If a string meets the condition, it sends an SMS to a certain number.


Some of the sent SMS messages are removed with the following code.


3. How to prevent

Because this malicious application contains a first-stage dropper, various security threats can arise if the dropper is modified. To use smartphones safely against the security threats of such malicious applications, we recommend the following "Smartphone security management tips" for general users.

Smartphone security management tips

1. Use anti-virus software from a trustworthy security company, keep it updated to the latest engine, and use its real-time detection function.
2. Always download applications that have been proven by multiple users.
3. Use mobile anti-virus software to check a downloaded application before using it.
4. Do not visit suspicious or unknown sites on your smartphone.
5. Try not to open MMS, text messages, or e-mail from unknown senders.
6. Always set a strong password on your smartphone.
7. Turn on wireless interfaces such as Bluetooth only when they are being used.
8. Do not save important information on the phone.
9. Do not attempt illegal customizing such as rooting or jailbreaking.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for mobile malicious files such as the one described above through "nProtect Mobile for Android", and runs a response system against various security threats.

Diagnosis name

- Trojan/Android.SMSZombie.A
- Trojan/Android.SMSZombie.B
- Trojan/Android.SMSZombie.C
