Samker's Computer Forum - SCforum.info

World TOP Headlines: => Latest Security News & Alerts => Topic started by: Pez on 26. February 2013., 08:05:58

Title: SMS Trojan Targets South Korean Android Devices
Post by: Pez on 26. February 2013., 08:05:58
It’s a common misconception that mobile malware is a problem limited to users in a particular geographical region such as China or Eastern Europe. Last week, McAfee Labs mobile research department received a mobile malware sample that targets Android mobile phone users in South Korea. The sample pretends to be a popular coffee shop coupon application, but in fact is an SMS Trojan that posts the incoming SMS messages to the attacker’s website.

(http://blogs.mcafee.com/wp-content/uploads/2013/02/korean_sms_001.png) (http://blogs.mcafee.com/wp-content/uploads/2013/02/korean_sms_002.png)

If a user clicks the familiar application icon, a pop-up message will display the following information:

(http://blogs.mcafee.com/wp-content/uploads/2013/02/korean_sms_003.png)

This is a fake error message reporting that the server is overloaded and unable to process the request. This, together with the icon used for the application, is simply social engineering to fool the victim into believing the application is legitimate but having problems, in the hope that the victim will just quit the application. This malicious app has nothing to do with the popular coffee vendor you may associate with the bogus icon.

While the message is displayed, the application creates a service to run in the background after the device has been rebooted. This service then sends the victim’s phone number to the following URL to “register” the infection.

• http://it[deleted].com/Android_SMS/installing.php

The following image shows the application’s ability to gather a phone number and send it to the attacker:

(http://blogs.mcafee.com/wp-content/uploads/2013/02/korean_sms_004.png)

Once the application is installed, it monitors any incoming SMS messages. All of these will be sent, together with the phone number of the sending device, to the following URL:

• http://it[deleted].com/Android_SMS/receiving.php

Furthermore, the malicious application blocks the incoming SMS message as well as the notification, so the victim will never know of the message’s existence.

The following image shows the application code responsible for the incoming message theft:

(http://blogs.mcafee.com/wp-content/uploads/2013/02/korean_sms_005.png)

This malicious application targets only South Korean Android devices by checking for numbers starting with “+82,” the international code for South Korea, as shown in the following:

(http://blogs.mcafee.com/wp-content/uploads/2013/02/korean_sms_006.png)

All intercepted and stolen SMS messages and the originating phone number are posted to the aforementioned URL using “EUC-KR” character encoding, as shown in the following picture:

(http://blogs.mcafee.com/wp-content/uploads/2013/02/korean_sms_007.png)

McAfee Mobile Security detects this malware as Android/Smsilence.A.


Original article: Monday, February 25, 2013 at 4:04pm by Michael Zhang (http://blogs.mcafee.com/mcafee-labs/sms-trojan-targets-south-korean-android-devices)
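
A defender-side check for the traffic described in the article, as an added example that is not part of the original article or of this forum post: it flags HTTP requests to the two reported paths and decodes the EUC-KR form body. It assumes the data travels as a form-encoded POST body; the field names ("phone", "sender", "msg") and the host example.invalid are hypothetical, since the article does not give them.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Paths named in the article; the host is redacted there, so match on path only.
C2_PATHS = {
    "/Android_SMS/installing.php": "registration",
    "/Android_SMS/receiving.php": "sms_exfiltration",
}
KR_NUMBER = re.compile(r"\+82\d{8,10}")  # "+82" is the South Korean country code


def inspect_request(method, url, body=b""):
    """Return a finding for a POST to one of the reported paths, else None."""
    kind = C2_PATHS.get(urlsplit(url).path)
    if kind is None or method.upper() != "POST":
        return None
    # The article says the data is posted as EUC-KR, so percent-decode with that
    # codec rather than the UTF-8 default; bad bytes are replaced, not fatal.
    parsed = parse_qs(body.decode("ascii", "replace"),
                      encoding="euc-kr", errors="replace")
    fields = {}
    for name, values in parsed.items():
        value = values[0]
        # A client that sends "+82..." without escaping the "+" arrives as " 82...",
        # because "+" means space in form encoding. Restore it for matching.
        if value.startswith(" 82"):
            value = "+" + value[1:]
        fields[name] = value
    numbers = sorted(v for v in fields.values() if KR_NUMBER.fullmatch(v))
    return {"kind": kind, "fields": fields, "kr_numbers": numbers}


# Constructed sample traffic. Field names ("phone", "sender", "msg") and the
# host example.invalid are assumptions; the article does not give them.
SAMPLE_BODY = urlencode(
    {"phone": "+821012345678", "sender": "+821087654321", "msg": "인증번호 4821"},
    encoding="euc-kr").encode("ascii")
RAW_PLUS_BODY = b"phone=+821012345678"  # unescaped "+" edge case

if __name__ == "__main__":
    url = "http://example.invalid/Android_SMS/receiving.php"
    print(inspect_request("POST", url, SAMPLE_BODY))
    print(inspect_request("POST", url, RAW_PLUS_BODY))
    print(inspect_request("GET", "http://example.invalid/index.html"))
```

Decoding the same body as UTF-8 would turn the Korean message text into replacement characters, which is why the codec matters when writing content-based detections for this traffic.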
Title: Re: SMS Trojan Targets South Korean Android Devices
Post by: vishwanath99 on 27. February 2013., 10:00:21
Under which name does this malware service run?

In the last picture, is the phone number encrypted, or is it a hexadecimal number?


Do you have that malware? Where can I get this?
Title: Re: SMS Trojan Targets South Korean Android Devices
Post by: Pez on 27. February 2013., 10:04:18
> Under which name does this malware service run?
>
> In the last picture, is the phone number encrypted, or is it a hexadecimal number?
>
> Do you have that malware? Where can I get this?

McAfee Mobile Security detects this malware as Android/Smsilence.A.

All I know beyond this you can read at the original article link at the end of my article.

Some other link related to this article:
South Korean Users Warned About SMS Trojan Disguised as Coffee Shop Coupon App (http://news.softpedia.com/news/South-Korean-Users-Warned-About-SMS-Trojan-Disguised-as-Coffee-Shop-Coupon-App-332569.shtml?utm_source=dlvr.it&utm_medium=twitter)

McAfee Blogs: SMS Trojan Targets South Korean Android Devices (http://hpinnovator.com/index.php?articleID=45225&sectionID=25)

AND
I don't provide anybody with malware, except for the main antivirus companies to make protection against it! So I don't understand your request to give you that malware. If you want to share malware, you are in the wrong place.