TECH NEWS: Malicious application on Android steals text messages

Monday, May 27, 2013

Malicious application on Android steals text messages

pincer2 malicious application on Android steals text messages
Discovered a malicious application for the Android system works to see the text messages that link to the user and then re-send it to certain people are believed to have the same application developers.
When the user installs the application, start stealing sensitive messages from users for a variety of purposes, including extortion, especially if they are related to sensitive information like banking acount.
And discovered the security and protection company Russian Doctor Web application and I knew the name of "Android.Pincer.2.origin" This is the second version of the family of malicious applications Android.Pincer.
After installing the application, the user will be presented a false message about the success of the inauguration of the security certificate, the message claims that the user's machine became protected and offers him a special symbol testify.
After the application period will not in any conduct which would require the user's attention, but then will be loaded with the boot device operates via what is known as CheckCommandServices a service that runs in the background task to connect to a remote server and send the information.
Among that information was the model number of the device, the device serial number, IMEI number, the name of the telecommunications company, the user's phone number, and the default system language, operating system, albeit have a validity Alroot.
The application then waits until acquaintances software commands to perform certain actions, and found Doctor Web application that can send instructions below for malignant application:
  • Start re-send SMS sms
  • USSD messages and the implementation of its contents
  • Stop the application
  • Message is displayed on the screen of a specific victim
  • Change control server address
  • Send text messages to the user or to other numbers from the victim's machine

Fortunately, this application does not exist on the Google Play store is a place where the majority of Android users to download their applications of it, but that does not mean that it can infect phones in case downloaded from external sources.