Hello from Malaysia

Roman Unuchek
Kaspersky Lab Expert
Posted March 15, 14:48  GMT
Tags: Mobile Malware, Google Android

In mid-February 2013 a Kaspersky user from Malaysia asked us to check a Google Play application called My HRMIS & JPA Demo developed by Nur Nazri.

The user was suspicious about the large number of permissions required by the app, though its only stated function was to open four websites.

After launching, the app shows these four buttons:

Clicking on one of these images opened the corresponding site in the standard Android browser:

Button 1 opens http://www.bheuu.gov.my/puspanita/;

Button 2 - http://www.jpa.gov.my/;

Button 3 - http://www.mampu.gov.my/web/guest/;

Button 4 - http://www.eghrmis.gov.my/.

But this is just what the user sees – there is more going on behind the scenes that he doesn’t know about. Clicking the app’s 2nd button opens the site, but also steals the last 10 contacts (names and numbers), and after clicking the 4th button the app first steals the three most recent incoming messages before opening the web page.

In both cases the data is stolen with the help of a text message sent to 0187109971.

The spyware targets Malaysian users, which is confirmed by our KSN service data – we only saw installations in Malaysia. We detect the application My HRMIS & JPA Demo as Trojan-Spy.AndroidOS.Nuhaz.a and have informed Google’s security service of the threat in their app store. The malware has already been deleted from the store.
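
The user's suspicion about permissions can be turned into a repeatable check. The following is an added example, not code from the original post or from Kaspersky Lab: it reads an AndroidManifest.xml that has already been decoded to text XML and flags the combination described above, access to contacts or SMS together with the ability to send SMS. The sample manifest, the package name and the `requested_permissions` and `triage` helpers are constructed for illustration; the post does not list the app's actual permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose the kinds of data the post says were taken.
DATA_SOURCES = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "stored SMS",
    "android.permission.RECEIVE_SMS": "incoming SMS",
}
# Permission that provides the SMS channel the post says carried the data out.
SMS_CHANNEL = "android.permission.SEND_SMS"

# Constructed sample manifest (text XML), not the real app's manifest.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.linklauncher">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Link launcher"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        names.update(el.get(ANDROID_NS + "name") for el in root.iter(tag))
    return names - {None}

def triage(manifest_xml, needed=frozenset()):
    """List permissions that the app's stated function (needed) does not explain."""
    perms = requested_permissions(manifest_xml)
    readable = sorted(DATA_SOURCES[p] for p in perms - set(needed) if p in DATA_SOURCES)
    findings = [f"reads {what} without a stated need" for what in readable]
    if SMS_CHANNEL in perms and SMS_CHANNEL not in needed:
        findings.append("can send SMS without a stated need")
        if readable:
            findings.append("HIGH: private data plus SMS sending, possible SMS exfiltration path")
    return findings

if __name__ == "__main__":
    # An app whose only stated function is opening websites needs none of these.
    for finding in triage(SAMPLE_MANIFEST):
        print(finding)
```

Pass the permissions an app's description genuinely justifies in `needed`; anything left in the findings is worth a closer look before installation or approval.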

PS The same author has two other programs in Google Play:

These apps are “legal spies” detected as not-a-virus:HEUR:Monitor.AndroidOS.Crakm.a and not-a-virus:HEUR:Monitor.AndroidOS.Lambs.a.


3 comments


mark117

2013 Mar 16, 19:37
0
 

Store Apps

Hi Roman Unuchek

Very informative and interesting article,

Maybe Google "and" other Vendors should take heed from this and make sure that they properly check any and all new apps that get put up on these stores/app places/market places etc etc,
personally I don't use my phone for anything other than sending a text message or speaking to someone on the other end,
Also luckily for now it seems to be stopping in Malaysia.

Thank You
mark117

P.S.
Also maybe Microsoft/Google/OS-x android and the like should really have a dedicated team to checking these store Apps,
As it also seems all too easy for somebody with a bit of coding know-how to be able to make a quick app and upload it to one of the three top vendors stores,
only to be able to sit back and wait for the results/data of their Malwares to come in.

mark117

Good Article...;-]

Reply    

zintel3

2013 Mar 19, 05:10
0
 

Hi Roman

Dear Roman,

Thank you for the info, very good info and valuable for me.

regards,

AZAB.

Reply    

Galoget Latorre

2013 Mar 31, 08:19
1
 

Interesting....

Hi Roman,

Useful information, that is one more reason to pay attention when installing apps from an unknown developer. =)

Good Post!

Galoget

Reply    