MyCERT observed a malicious Android application that leverages a law enforcement agency theme. The application disguises itself as a mobile antivirus and as a mobile-signal-testing application for Malaysian users, purportedly created by a trusted organization, the Royal Malaysian Police (PDRM).
Android versions Froyo (8.0) and below.
3.0 Affected System and Devices
Disclosure of personal information to scammers or unknown parties may increase similar scamming campaigns in the future.
4.0 Techniques, Tactics and Procedures
The malware is similar to a malware dubbed SMSSpy. The variant appears as fake mobile applications that intercept received SMS messages and forward them to a remote site. The spyware collects all contacts, including contact name, phone number, email address, street address and organization, and is also capable of modifying the contact data. It also captures the SMS inbox content, probably with the intention of retrieving any TAC numbers sent through SMS, as it is able to send and receive SMS/MMS.
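As a defender-side triage aid added here (this is not part of the MyCERT advisory and not the malware's own code), the following Python script checks a decoded AndroidManifest.xml for the capability profile described above: SMS interception, SMS sending, contact reading and modification, and network access for forwarding data, plus a broadcast receiver registered for the standard android.provider.Telephony.SMS_RECEIVED action. The two manifests embedded below are constructed samples for illustration, not the actual sample's manifest, and the mapping from permission names to capabilities is an analyst's assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Capabilities the advisory attributes to the sample, mapped to the standard
# Android permissions that grant them (assumed mapping for triage purposes).
CAPABILITIES = {
    "intercept_sms": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "send_sms": {"android.permission.SEND_SMS"},
    "read_contacts": {"android.permission.READ_CONTACTS"},
    "modify_contacts": {"android.permission.WRITE_CONTACTS"},
    "exfiltrate": {"android.permission.INTERNET"},
}

# Core combination that makes an app look like the SMSSpy-style spyware described.
CORE_PROFILE = {"intercept_sms", "read_contacts", "exfiltrate"}

# Constructed sample: fake "antivirus" declaring the full spyware permission set
# and a high-priority receiver for incoming SMS.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeav">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Mobile Antivirus">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: a plausible signal-testing app that needs no SMS or contact access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.signaltest">
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Signal Tester"/>
</manifest>"""


def declared_permissions(manifest_xml):
    """Return the set of android:name values on <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def has_sms_receiver(manifest_xml):
    """True if any <receiver> filters on the SMS_RECEIVED broadcast."""
    root = ET.fromstring(manifest_xml)
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(NAME_ATTR) == SMS_RECEIVED_ACTION:
                return True
    return False


def capability_profile(permissions):
    """Map a permission set onto the capability names defined above."""
    return {cap for cap, perms in CAPABILITIES.items() if perms & permissions}


def triage(manifest_xml):
    """Summarize the manifest and give a coarse verdict for analyst review."""
    perms = declared_permissions(manifest_xml)
    caps = capability_profile(perms)
    receiver = has_sms_receiver(manifest_xml)
    if CORE_PROFILE <= caps:
        verdict = "smsspy-like"
    elif "intercept_sms" in caps:
        verdict = "sms-capable"
    else:
        verdict = "no match"
    return {
        "permissions": sorted(perms),
        "capabilities": sorted(caps),
        "sms_receiver": receiver,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, manifest in (("fake antivirus", SUSPICIOUS_MANIFEST), ("signal tester", BENIGN_MANIFEST)):
        result = triage(manifest)
        print(label, "->", result["verdict"], "| capabilities:", ", ".join(result["capabilities"]),
              "| SMS receiver:", result["sms_receiver"])
```

The manifest must already be decoded from its binary form (for example with apktool) before being fed to the script; the verdict is a triage hint, since legitimate messaging apps also declare SMS permissions, so the receiver flag and the contact-modification capability are what an analyst would weigh against the app's claimed purpose.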
We retrieved a sample of the malware from the URL: hxxp://app.0189110.com