SPYPHONE: Spyware targeting Korean Android users

in #malware · 6 years ago (edited)

Hello, everyone !

Today I analyzed a piece of malware that mimics a parcel-tracking app.
If an Android user is infected, all SMS messages are transmitted to a server the attacker controls. In addition, the attacker can block SMS messages from being shown to the user when needed.

Blocking SMS messages.
[Screenshot: block_sms.png]

Sending infected user information to the server.
[Screenshot: join.png]
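The two behaviours above (intercepting incoming SMS and sending them out over the network) leave a recognizable footprint in an app's manifest. As an added triage example that is not part of the original post and does not use the sample's real manifest, the script below parses a constructed AndroidManifest.xml and flags the combination a defender would look for: the RECEIVE_SMS permission, a receiver registered for android.provider.Telephony.SMS_RECEIVED, a high intent-filter priority, and the INTERNET permission that gives the app an exfiltration path. The manifest contents, package name and class names are all constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (assumption: not the real sample's manifest).
# It shows the permission/receiver pattern SMS-stealing apps typically declare.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.parceltracker">
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Parcel Tracker">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed benign manifest for comparison: network access, no SMS hooks.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Weather">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""


def android_attr(name):
    """Return the namespaced attribute key ElementTree uses for android:<name>."""
    return "{%s}%s" % (ANDROID_NS, name)


def analyze_manifest(xml_text):
    """Return declared permissions, SMS receivers, and human-readable findings."""
    root = ET.fromstring(xml_text)
    perms = {e.get(android_attr("name")) for e in root.iter("uses-permission")}

    sms_receivers = []
    for recv in root.iter("receiver"):
        for flt in recv.findall("intent-filter"):
            actions = {act.get(android_attr("name")) for act in flt.findall("action")}
            if SMS_ACTION not in actions:
                continue
            try:
                priority = int(flt.get(android_attr("priority"), "0"))
            except ValueError:
                priority = 0
            sms_receivers.append({"name": recv.get(android_attr("name")),
                                  "priority": priority})

    findings = []
    if "android.permission.RECEIVE_SMS" in perms and sms_receivers:
        findings.append("RECEIVE_SMS permission with an SMS_RECEIVED receiver")
    if any(r["priority"] >= 100 for r in sms_receivers):
        # High priority plus abortBroadcast() could suppress an SMS from the
        # default app only on Android before 4.4; it is still a strong signal
        # that the app wants to see messages before anything else does.
        findings.append("high-priority SMS_RECEIVED receiver")
    if "android.permission.INTERNET" in perms and sms_receivers:
        findings.append("network permission alongside an SMS receiver (possible exfiltration path)")

    return {"permissions": sorted(perms),
            "sms_receivers": sms_receivers,
            "findings": findings}


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        report = analyze_manifest(manifest)
        print(label, "->", report["findings"] or ["no SMS-related findings"])
```

The check is a heuristic for prioritizing samples, not proof of malice: a legitimate messaging app declares the same permissions, so a hit should be followed by looking at where the receiver sends the message contents, which is exactly what the screenshots below show for this sample.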

An interesting fact is that I found a vulnerability on the server. The vulnerability was in the code that sends stolen SMS messages to the server.

The following screenshot shows how the malware sends stolen SMS messages to the server.
[Screenshot: 스크린샷 2017-11-02 오후 10.18.51.png]

After successfully exploiting the vulnerability, I was able to access the database. In the database there were two different DBs, named spyphone and xiaozhen, so I named the malware SPYPHONE.

[Screenshot: 스크린샷 2017-11-02 오후 10.48.15.png]

VirusTotal result:
https://www.virustotal.com/#/file-analysis/NTE3ZWY1ZTFhMDg0YjJmZjlkMTFkMDE2OWE4ZjA4M2Q6MTUwOTYyODU3Ng==


I'm here from the self-promotion project.
I enjoyed reading your post.
Please keep writing good posts regularly.

Thank you for the support :) I'll keep up the good work. - @tumble
