On the 4th of June 2012 we found 3 APK files of ~207 kb in size each heuristically detected by our engine as HEUR:Trojan-Spy.AndroidOS.Zitmo.a. All these applications are malicious and were created to steal incoming SMS messages from infected devices. SMS messages will be uploaded to a remote server whose URL is encrypted and stored inside the body of the Trojan. We found 3 more APK files with exactly the same functionality on 8th, 13th and 14th of June. So there are at least 6 files which pretend to be ‘Android Security Suite Premium’ but in fact were created only for stealing incoming SMS messages.
After the infection there is a blue shield icon in the menu with the name ‘Android Security Suite Premium’:
If the application is launched it will show a generated ‘activation code’:
esed nod32 key esed nod32 keys est nod32 key esed nod32 serial
Hiç yorum yok:
Yorum Gönder