BannerPortlet

Blogs

DJ.Activity camouflages as an app that provides porn contents. Actually, right after this fake app is run, the virus silently sends messages to high charged service numbers to take money out of user’ account.

Picture 1: DJ.Activity camouflages itself as an app providing porn contents

The malware is spread mainly via spam emails with “SexyVideoPro.apk” attached, hitting users’ curiosity to dupe them into installing the app. To hide itself from mobile network providers and avoid the service numbers being blocked, DJ.Activity does not fix the message receiving numbers in its code, but switches among the numbers via a control server mobile18x.info.

Picture 2: The service numbers are switched over via a control server

Bkav experts have decoded cofig of the virus’ control server and found out that the being in use number is 8777. This number charges users 15,000 VND for each message, not small at all.

To determine whether your phone is infected with this critical malware or not, you can download Bkav Mobile Security (from Google Play or from website http://mobile.bkav.com) and scan your device.

 

To protect your phone against such malwares, it’s advisable that you do not install apps not downloaded from Google Play, especially the ones attached in emails or downloaded from links in messages.

Nguyen Cong Cuong

Senior Malware Researcher

Leave a Reply

Name (required)
Mail (hidden) (required)
Website
Text to Identify
Reload-Capcha
CAPTCHA Code *

Popup Date Time Portlet

Blogs Aggregator

Blog Category Portlet

Categories

Store Portlet

Archives

Vote Baby Portlet