SPYPHONE : Spyware targeted korean Android users

in #malware7 years ago (edited)

Hello, everyone !

Today, I have analyzed a malware which mimics a parcel tracking system.
If an android user was infected it, All SMS messages will be transmitted to the server that the attacker owns. In addition, an attacker can block SMS from being exposed to the user if necessary.

Block SMS messages.
block_sms.png

Send infected user information to the server.
join.png

Interesting facts is that I have found a vulnerability on the server. The vulnerability was in the code that sent stolen SMS messages to the server.

In the followed screen shot, shows how the malware send stolen SMS messages to the server.
스크린샷 2017-11-02 오후 10.18.51.png

After a successful attack on the vulnerability, I was able to access to the database. In the database, There were two difference DBs which was named spyphone & xiaozhen. So I decided the name of the malware with SPYPHONE.

스크린샷 2017-11-02 오후 10.48.15.png

VirusTotal Result
https://www.virustotal.com/#/file-analysis/NTE3ZWY1ZTFhMDg0YjJmZjlkMTFkMDE2OWE4ZjA4M2Q6MTUwOTYyODU3Ng==

Sort:  

스스로 홍보하는 프로젝트에서 나왔습니다.
좋은글 잘 읽었습니다.
앞으로도 꾸준한글 좋은글 많이 부탁드립니다.

지원 감사합니다 :) 열심히 활동하겠습니다 - @tumble

Coin Marketplace

STEEM 0.22
TRX 0.26
JST 0.040
BTC 98487.39
ETH 3469.86
USDT 1.00
SBD 3.23