F-Secure Mobile Security in action

Z Archive

Installing an infected program

Zimry, a Malware Analyst in F-Secure’s Kuala Lumpur Labs, was recently doing some analysis on malware designed to infect Android phones. During the analysis, he ran some malicious samples on a smartphone installed with F-Secure Mobile Security to make sure the phone would be protected.

Since Safe and Savvy has writing about mobile security, we thought we’d use this sample to show you our Mobile Security in action.

The test samples used were related to the new Android trojan, which seems to be targeted towards users in mainland China and are being distributed on free file-sharing networks there. The samples were trojanized programs – that is, an attacker took legitimate programs, inserted their own malicious code and recompiled the program to create malware. The samples we’ve seen so far came from a third-party application provider in China. Most of the programs are advertised as offering wallpaper for phones.

At right (above) is an example of an infected program being installed on the test phone. During the installation process, the file is scanned by Mobile Security – and it is detected as infected.

Scanning results

Some users don’t have Mobile Security set to automatically scan files at installation. In which case, the infection is only discovered when the phone is manually scanned. After a manual scan, the user would see a notification like the one at left, informing them that the programs are infected.

As you can see, Mobile Security detects the infected files as two trojans, from two separate families:

  • Trojan:Android/Adrd.A
  • Trojan:Android/Geinimi.A

Adrd trojans behave as straight-forward (but still nasty) Trojan-Clickers, whereas trojans from the Geinimi family, are more sophisticated, almost powerful enough to be classed as Backdoor programs.

Another feature Zimry tested was Browsing Protection. He tried browsing a website known to be a phishing site. On an unprotected mobile browser (i.e., no antivirus installed), he managed to get to the actual phishing screen with no warning:

Phishing site

On the test phone however, since he had Browsing Protection enabled, what he saw was this:

Warning

Since harmful sites like this may also be hosting trojans, Browsing Protection would also be a good precautionary measure against unintentionally coming across and downloading such malware.

So it’s nice to know Mobile Security works at three key points – potential download, during installation and on scanning.

Are you using our Mobile Security? You can still try out it out for free.  We’d appreaciate your feedback. All pertinent comments/suggestions/constructive criticisms will be passed to the development team to improve our protection.

Thanks,

Alia

Tags

Rate this article

0 votes

9 Comments

Just tought after reading this. What kind of steps ovi store has to prevent virus applications? Yes, maybe they have that info on their webpage but don’t have the power to read it now. 🙂

I just hope that they test apps trough with f-secure etc before making them available.

Ovi, like Apple’s App Store, has an approval process for security and content. May not be foolproof but F-Secure’s Mikko Hypponen credits it with minimizing mobile security risks thus far.

First I used it in my NOKIA-N73 Mobile phone. it is unque product than other antivirus products. as user of it i wish a bright future of it.

My sony ericsson w20i,antivirus expired,and the subscrition on my phone is not allowing new subscrition,anytime I enter it,it say subscrition no not valid.what happened?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You might also like