Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3495
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Pez
« on: 27. February 2013., 10:04:18 »

which name this malware  service run.

in last picture
phone no encrypted  or its in hex decimal no


Do u have that malware, where can i get this

McAfee Mobile Security detects this malware as Android/Smsilence.A.

The only I know more about this can you read in the Orginal article link in the end of my article.

Some other link related to this article:
South Korean Users Warned About SMS Trojan Disguised as Coffee Shop Coupon App

McAfee Blogs: SMS Trojan Targets South Korean Android Devices

AND
I don't! provide anybody with maleware exept for the main antivirus companys to make protection against them! So I don't understand your question to give you that maleware. If you want to share maleware you are in the wrong place.
Posted by: vishwanath99
« on: 27. February 2013., 10:00:21 »

which name this malware  service run.

in last picture
phone no encrypted  or its in hex decimal no


Do u have that malware, where can i get this
Posted by: Pez
« on: 26. February 2013., 08:05:58 »

SMS Trojan Targets South Korean Android Devices

 
It’s a common misconception that mobile malware is a problem limited to users in a particular geographical region such as China or Eastern Europe. Last week, McAfee Labs mobile research department received a mobile malware sample that targets Android mobile phone users in South Korea. The sample pretends to be a popular coffee shop coupon application, but in fact is an SMS Trojan that posts the incoming SMS messages to the attacker’s website.



If a user clicks the familiar application icon, a pop-up message will display the following information:



This is a fake error message reporting that the server is overloaded and unable to process the request. This, together with the icon used for the application, is simply social engineering to fool the victim into believing the application is legitimate but having problems, in the hope that the victim will just quit the application. This malicious app has nothing to do with the popular coffee vendor you may associate with the bogus icon.

While the message is displayed, the application creates a service to run in the background after the device has been rebooted. This service then sends the victim’s phone number to the following URL to “register” the infection.

http://it[deleted].com/Android_SMS/installing.php

The following image shows the application’s ability to gather a phone number and send it to the attacker



Once the application is installed, it monitors any incoming SMS messages. All of these will be sent, together with the phone number of the sending device, to the following URL:

http://it[deleted].com/Android_SMS/receiving.php

Furthermore, the malicious application blocks the incoming SMS message as well as the notification, so the victim will never know of the message’s existence.

The following image shows the application code responsible for the incoming message theft:



This malicious application targets only South Korean Android devices by checking for numbers starting with “+82,” the international code for South Korea, as shown in the following:



All intercepted and stolen SMS messages and the originating phone number are posted to the aforementioned URL using “EUC-KR” character encoding, as shown in the following picture:



McAfee Mobile Security detects this malware as Android/Smsilence.A.


Orginal article: Monday, February 25, 2013 at 4:04pm by Michael Zhang
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising