Android malware seems to be improving day by day. We have received an interesting sample that can log calls, record the whole conversation, and even send the recordings to the bad guy.
Most previous Android malware either sent text messages or made calls to premium service numbers in order to make easy money.
This particular Trojan records conversations in AMR format, as allowed by the permissions the user has approved:
When the program is installed, it requests permissions to allow it to perform the following actions:
Access Cell-ID and WiFi location
Access Cell-ID and WiFi updates
Access GPS location
Access information about WiFi networks
Allow low-level access to power management
Allow read only access to phone state
Allow the use of PowerManager WakeLocks to keep the processor from sleeping or the screen from dimming
Initiate a phone call without going through the Dialer user interface (so that the user is unaware of any outgoing calls made by the Trojan)
Monitor, modify, or abort outgoing calls
Open network sockets
Read SMS messages
Read the user’s contacts data
Record audio
Send SMS messages
Write (but not read) the user’s contacts data
Write SMS messages
Write to external storage
When the Trojan is executed, it registers itself to start whenever the device starts by listening for the following command:
android.permission.ACTION_BOOT_COMPLETED
It may then start any of the following services:
GpsService
MainService
RecordService
SocketService
XM_SmsListener
XM_CallListener
XM_CallRecordService
The program sends an SMS containing the IMEI of the device to the following phone number:
15859268161
It then records the following information:
All phone call content
GPS information
Received SMS messages
Sent SMS messages
The above information is written to the SD card in the following location:
/sdcard/shangzhou/callrecord/
The gathered information is then sent to the following location on port 2018:
jin.56mo.com
The best defense against this sort of malware is to pay attention to the permissions that the app is asking for. Ask yourself – does this app really need all these capabilities? If in doubt, say no!
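The permission check recommended above can be automated when reviewing an app before installation. The following is an added example, not code from the original post or from Quick Heal: it audits a manifest that has already been decoded to text XML and flags the call-recording-plus-upload combination. The capability grouping, the mapping of the listed behaviours to standard Android permission names, and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the behaviours listed above to standard Android
# permission names; a capability counts only if every permission is requested.
CAPABILITIES = {
    "boot persistence": {P + "RECEIVE_BOOT_COMPLETED"},
    "call interception": {P + "RECORD_AUDIO", P + "READ_PHONE_STATE",
                          P + "PROCESS_OUTGOING_CALLS"},
    "location tracking": {P + "ACCESS_FINE_LOCATION"},
    "network upload": {P + "INTERNET"},
    "silent dialing": {P + "CALL_PHONE"},
    "sms access": {P + "READ_SMS", P + "SEND_SMS"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names in a text-form AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifest_xml):
    """List the capability groups an app requests and flag the risky pairing."""
    perms = requested_permissions(manifest_xml)
    caps = sorted(c for c, needed in CAPABILITIES.items() if needed <= perms)
    # Recording calls alone stays on the device; with network access it can leave.
    risky = "call interception" in caps and "network upload" in caps
    return {"capabilities": caps, "call_recording_risk": risky}

def make_manifest(short_names):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{P}{n}"/>' for n in short_names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed">{uses}</manifest>')

# Constructed inputs: one requesting the combination described above, one benign.
SPYWARE_LIKE = make_manifest([
    "RECORD_AUDIO", "READ_PHONE_STATE", "PROCESS_OUTGOING_CALLS", "CALL_PHONE",
    "INTERNET", "READ_SMS", "SEND_SMS", "ACCESS_FINE_LOCATION",
    "RECEIVE_BOOT_COMPLETED", "WRITE_EXTERNAL_STORAGE"])
VOICE_RECORDER = make_manifest(["RECORD_AUDIO", "WRITE_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for label, manifest in (("spyware-like", SPYWARE_LIKE), ("recorder", VOICE_RECORDER)):
        print(label, audit(manifest))
```

A plain voice recorder that asks only for audio and storage is not flagged; the flag is raised by call-state and outgoing-call access combined with recording and network access.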
For those who missed our earlier post: we have released our product for Android phones. Quick Heal Mobile Security for Android detects the file as Android.Nickispy.A.
To avail of the introductory 50% discount offer, please visit our Quick Heal Mobile Security page here.
To download the free trial version for your Android device, please visit Android Market by clicking on the link below.