New Android Riskware

08 Sep 2011

We have just encountered a number of Android riskware applications that target subscribers in the China region.

The suspect applications cover a variety of topics, including horoscopes, farm and pet games/info and the Chinese calendar, to name a few. Below is a screenshot of the permissions requested by one of these applications:

[Screenshot: permissions requested by Riskware:Android/MobileTX.A]

However, some of the applications do not even look like what they claim to be, and eventually crash (probably because of poor programming):

[Screenshot: Riskware:Android/MobileTX.A force-close dialog]

Before the application crashes, however (usually right after it is launched), it retrieves the phone's International Mobile Subscriber Identity (IMSI) and then attempts to connect to a remote site:

  •  http://mobile.tx.com.cn:[…]/client.[…].do
  •  http://mobile.tx.com.cn:[…]/client/[…].do

It checks whether the phone's IMSI already exists on the server (at the time of writing, the remote sites were still accessible).

If the application cannot reach the remote site, or the site returns an error response, it proceeds to send an SMS message.

The SMS sending component first reads the phone's subscriber ID and, depending on the value retrieved, selects a different recipient number for the message.

The SMS body has the following format:

  •  99# [ IMSI ]#android#[ app_specific_string ]
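The behaviour described above (IMSI read, remote check, SMS fallback with a "99#[IMSI]#android#[app_specific_string]" body) is the kind of pattern an analyst wants to match quickly against other samples. The script below is an added example, not code from the original post or from the riskware: it parses an SMS body of the described format into IMSI, MCC, MNC and app string, and scores a decoded APK's artefacts (manifest permissions plus string constants) against the indicators the post names. The permission set is inferred from the Android APIs the behaviour needs, the MNC-length table is a general approximation, and the sample artefacts and IMSI are constructed.

```python
"""Triage helpers for the IMSI-read / remote-check / SMS-fallback pattern.

Added example, not code from the original post or from the riskware itself.
The manifest permissions and string constants below are constructed to look
like what a decoded APK might contain; the only indicators taken from the
post are the hostname mobile.tx.com.cn and the SMS body layout.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Permissions the described behaviour needs on Android:
# TelephonyManager.getSubscriberId() -> READ_PHONE_STATE,
# SmsManager.sendTextMessage()       -> SEND_SMS,
# the HTTP check against the server  -> INTERNET.
REQUIRED_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.SEND_SMS",
    "android.permission.INTERNET",
}

KNOWN_HOST = "mobile.tx.com.cn"  # host named in the post (port and path elided there)

# Body format from the post: 99#[IMSI]#android#[app_specific_string].
# An IMSI is at most 15 digits: MCC (3) + MNC (2 or 3) + MSIN.
SMS_BODY_RE = re.compile(r"^99#(?P<imsi>\d{14,15})#android#(?P<app>[^#]+)$")

# China (MCC 460) uses two-digit MNCs, which is also the common default;
# the US MCCs use three. Approximation, sufficient for splitting the field.
THREE_DIGIT_MNC_MCCS = {"310", "311", "312", "313", "316"}


@dataclass
class SmsFields:
    imsi: str
    mcc: str
    mnc: str
    app_string: str


def parse_sms_body(body: str) -> Optional[SmsFields]:
    """Split an SMS body of the described format into its fields, or None."""
    m = SMS_BODY_RE.match(body.strip())
    if m is None:
        return None
    imsi = m.group("imsi")
    mcc = imsi[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    return SmsFields(imsi=imsi, mcc=mcc, mnc=imsi[3:3 + mnc_len],
                     app_string=m.group("app"))


@dataclass
class Artifacts:
    """What a decoded APK yields: manifest permissions and string constants."""
    permissions: set
    strings: list


def triage(a: Artifacts) -> dict:
    """Score an APK's artefacts against the indicators described in the post."""
    missing = sorted(REQUIRED_PERMISSIONS - a.permissions)
    hosts = [s for s in a.strings if KNOWN_HOST in s]
    # The body is most likely assembled from fragments at runtime, so look
    # for the fixed pieces rather than a complete message.
    fragments = [s for s in a.strings if "#android#" in s or s == "99#"]
    signals = sum([not missing, bool(hosts), bool(fragments)])
    verdict = {3: "matches", 0: "no match"}.get(signals, "partial")
    return {
        "missing_permissions": missing,
        "hosts": hosts,
        "sms_fragments": fragments,
        "verdict": verdict,
    }


# Constructed sample resembling one of the apps described in the post.
SAMPLE = Artifacts(
    permissions={
        "android.permission.READ_PHONE_STATE",
        "android.permission.SEND_SMS",
        "android.permission.INTERNET",
        "android.permission.ACCESS_NETWORK_STATE",
    },
    strings=["mobile.tx.com.cn", "99#", "#android#", "calendar", "client"],
)

if __name__ == "__main__":
    print(triage(SAMPLE))
    # Constructed body: MCC 460 (China), MNC 00, made-up MSIN.
    print(parse_sms_body("99#460001234567890#android#horoscope"))
```

The "partial" verdict is deliberate: an app that holds the three permissions and carries the "#android#" fragment but names a different host is still worth a look, since the post notes the recipient and server vary with the app and the subscriber ID.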

At the time of writing we are still investigating the implications of this behavior; it may or may not be another example of fraudulent SMS registration for services. Nevertheless, an application that automatically sends an SMS containing the phone's IMSI without the user's awareness or consent is not something we consider desirable.

This is in addition to the possible charges incurred and the unwanted disclosure of the phone's number to the receiving party.

We will detect these applications as Riskware:Android/MobileTX.A.

Threat Solutions post by — Jessie, Irene and Yeh
