SPYPHONE: Spyware Targeting Korean Android Users
Hello, everyone!
Today I analyzed a piece of malware that mimics a parcel tracking system.
If an Android user is infected with it, all SMS messages are transmitted to a server that the attacker owns. In addition, the attacker can block SMS messages from being shown to the user if necessary.
Block SMS messages.
Send infected user information to the server.
An interesting fact is that I found a vulnerability on the server. The vulnerability was in the code that sent stolen SMS messages to the server.
The following screenshot shows how the malware sends stolen SMS messages to the server.
After a successful attack on the vulnerability, I was able to access the database. In the database, there were two different DBs, named spyphone and xiaozhen, so I decided to name the malware SPYPHONE.
VirusTotal Result
https://www.virustotal.com/#/file-analysis/NTE3ZWY1ZTFhMDg0YjJmZjlkMTFkMDE2OWE4ZjA4M2Q6MTUwOTYyODU3Ng==
I came here from the self-promotion project.
I enjoyed reading this great post.
Please keep posting good articles regularly.
Thank you for the support :) I will keep working hard - @tumble