DJ.Activity camouflages as an app that provides porn contents. Actually, right after this fake app is run, the virus silently sends messages to high charged service numbers to take money out of user’ account.
Picture 1: DJ.Activity camouflages itself as an app providing porn contents
The malware is spread mainly via spam emails with “SexyVideoPro.apk” attached, hitting users’ curiosity to dupe them into installing the app. To hide itself from mobile network providers and avoid the service numbers being blocked, DJ.Activity does not fix the message receiving numbers in its code, but switches among the numbers via a control server mobile18x.info.
Picture 2: The service numbers are switched over via a control server
Bkav experts have decoded cofig of the virus’ control server and found out that the being in use number is 8777. This number charges users 15,000 VND for each message, not small at all.
To determine whether your phone is infected with this critical malware or not, you can download Bkav Mobile Security (from Google Play or from website http://mobile.bkav.com) and scan your device.
To protect your phone against such malwares, it’s advisable that you do not install apps not downloaded from Google Play, especially the ones attached in emails or downloaded from links in messages.
Nguyen Cong Cuong
Senior Malware Researcher