Members
  • Total Members: 12814
  • Latest: Rono
Stats
  • Total Posts: 28517
  • Total Topics: 8240
  • Online Today: 976
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: SMS Trojan Targets South Korean Android Devices  (Read 814 times)

0 Members and 1 Guest are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 723
  • KARMA: 116
  • Gender: Male
  • Pez
SMS Trojan Targets South Korean Android Devices
« on: 26. February 2013., 08:05:58 »
SMS Trojan Targets South Korean Android Devices

 
It’s a common misconception that mobile malware is a problem limited to users in a particular geographical region such as China or Eastern Europe. Last week, McAfee Labs mobile research department received a mobile malware sample that targets Android mobile phone users in South Korea. The sample pretends to be a popular coffee shop coupon application, but in fact is an SMS Trojan that posts the incoming SMS messages to the attacker’s website.



If a user clicks the familiar application icon, a pop-up message will display the following information:



This is a fake error message reporting that the server is overloaded and unable to process the request. This, together with the icon used for the application, is simply social engineering to fool the victim into believing the application is legitimate but having problems, in the hope that the victim will just quit the application. This malicious app has nothing to do with the popular coffee vendor you may associate with the bogus icon.

While the message is displayed, the application creates a service to run in the background after the device has been rebooted. This service then sends the victim’s phone number to the following URL to “register” the infection.

http://it[deleted].com/Android_SMS/installing.php

The following image shows the application’s ability to gather a phone number and send it to the attacker



Once the application is installed, it monitors any incoming SMS messages. All of these will be sent, together with the phone number of the sending device, to the following URL:

http://it[deleted].com/Android_SMS/receiving.php

Furthermore, the malicious application blocks the incoming SMS message as well as the notification, so the victim will never know of the message’s existence.

The following image shows the application code responsible for the incoming message theft:



This malicious application targets only South Korean Android devices by checking for numbers starting with “+82,” the international code for South Korea, as shown in the following:



All intercepted and stolen SMS messages and the originating phone number are posted to the aforementioned URL using “EUC-KR” character encoding, as shown in the following picture:



McAfee Mobile Security detects this malware as Android/Smsilence.A.


Orginal article: Monday, February 25, 2013 at 4:04pm by Michael Zhang
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info

SMS Trojan Targets South Korean Android Devices
« on: 26. February 2013., 08:05:58 »




vishwanath99

  • SCF Member
  • **
  • Posts: 61
  • KARMA: 6
  • Gender: Male
Re: SMS Trojan Targets South Korean Android Devices
« Reply #1 on: 27. February 2013., 10:00:21 »
which name this malware  service run.

in last picture
phone no encrypted  or its in hex decimal no


Do u have that malware, where can i get this

Pez

  • SCF VIP Member
  • *****
  • Posts: 723
  • KARMA: 116
  • Gender: Male
  • Pez
Re: SMS Trojan Targets South Korean Android Devices
« Reply #2 on: 27. February 2013., 10:04:18 »
which name this malware  service run.

in last picture
phone no encrypted  or its in hex decimal no


Do u have that malware, where can i get this

McAfee Mobile Security detects this malware as Android/Smsilence.A.

The only I know more about this can you read in the Orginal article link in the end of my article.

Some other link related to this article:
South Korean Users Warned About SMS Trojan Disguised as Coffee Shop Coupon App

McAfee Blogs: SMS Trojan Targets South Korean Android Devices

AND
I don't! provide anybody with maleware exept for the main antivirus companys to make protection against them! So I don't understand your question to give you that maleware. If you want to share maleware you are in the wrong place.
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising