Some time ago, I analyzed two similar samples of Android/Smsilence.A!tr.spy, a fake Vertu application that spies on its victim. One of the samples was targeting a Japanese audience, while the other sample was for Korean end-users. I was interested in finding their similarities (and differences). At the (decompiled) source code level, I identified, for instance, a similarity: both samples check incoming SMS messages and download another payload if the message body contains the keyword 113, or delete it if the SMS comes from 1588366. See below, identical...
by Axelle Apvrille  |  Jul 30, 2012  |  Filed in: Security Research