Installing an infected program
Zimry, a Malware Analyst in F-Secure’s Kuala Lumpur Labs, was recently doing some analysis on malware designed to infect Android phones. During the analysis, he ran some malicious samples on a smartphone installed with F-Secure Mobile Security to make sure the phone would be protected.
Since Safe and Savvy has writing about mobile security, we thought we’d use this sample to show you our Mobile Security in action.
The test samples used were related to the new Android trojan, which seems to be targeted towards users in mainland China and are being distributed on free file-sharing networks there. The samples were trojanized programs – that is, an attacker took legitimate programs, inserted their own malicious code and recompiled the program to create malware. The samples we’ve seen so far came from a third-party application provider in China. Most of the programs are advertised as offering wallpaper for phones.
At right (above) is an example of an infected program being installed on the test phone. During the installation process, the file is scanned by Mobile Security – and it is detected as infected.
Scanning results
Some users don’t have Mobile Security set to automatically scan files at installation. In which case, the infection is only discovered when the phone is manually scanned. After a manual scan, the user would see a notification like the one at left, informing them that the programs are infected.
As you can see, Mobile Security detects the infected files as two trojans, from two separate families:
- Trojan:Android/Adrd.A
- Trojan:Android/Geinimi.A
Adrd trojans behave as straight-forward (but still nasty) Trojan-Clickers, whereas trojans from the Geinimi family, are more sophisticated, almost powerful enough to be classed as Backdoor programs.
Another feature Zimry tested was Browsing Protection. He tried browsing a website known to be a phishing site. On an unprotected mobile browser (i.e., no antivirus installed), he managed to get to the actual phishing screen with no warning:
Phishing site
On the test phone however, since he had Browsing Protection enabled, what he saw was this:
Warning
Since harmful sites like this may also be hosting trojans, Browsing Protection would also be a good precautionary measure against unintentionally coming across and downloading such malware.
So it’s nice to know Mobile Security works at three key points – potential download, during installation and on scanning.
Are you using our Mobile Security? You can still try out it out for free. We’d appreaciate your feedback. All pertinent comments/suggestions/constructive criticisms will be passed to the development team to improve our protection.
Thanks,
Alia
Facebook
Twitter
RSS
E-mail
6 Comments
Just tought after reading this. What kind of steps ovi store has to prevent virus applications? Yes, maybe they have that info on their webpage but don’t have the power to read it now.
I just hope that they test apps trough with f-secure etc before making them available.
Ovi, like Apple’s App Store, has an approval process for security and content. May not be foolproof but F-Secure’s Mikko Hypponen credits it with minimizing mobile security risks thus far.
Nice to hear.
First I used it in my NOKIA-N73 Mobile phone. it is unque product than other antivirus products. as user of it i wish a bright future of it.
My mobile phone SonyEricsson W20i model.Need free f-secure anti-virus subcribtion nuber.please help me.
sonyEricsson mobile W20i model support any Anti-virus
One Trackback
[...] Skip to content HomeAbout Us25 YearsArchives « F-Secure Mobile Security in action [...]