Tuesday, April 17, 2012

Android Malware Dougalek Steals Contact Information

Dougalek is mobile malware that runs on Android devices. It downloads and plays movie clips from a predetermined remote website while stealing information in the background.

The mobile malware requests the following permissions:

INTERNET - Allows applications to open network sockets.
READ_CONTACTS - Allows an application to read the user's contacts data.
READ_PHONE_STATE - Allows read only access to phone state.

Dougalek Permissions

The requested permissions give the mobile malware away: it asks for more permissions than the app it portrays itself to be would need.
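A static triage check along the lines of that observation, as an added example that is not from the original post: it parses a decoded AndroidManifest.xml and flags permissions beyond what the portrayed app type needs. The sample manifest, its package name, and the `EXPECTED` baseline for a video player are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Permissions that expose personal data, and the one that lets data leave the device.
DATA_SOURCES = {"READ_CONTACTS", "READ_PHONE_STATE"}
NETWORK = "INTERNET"

# Assumption: what an app presenting itself as a video-clip player plausibly needs.
EXPECTED = {"video_player": {"INTERNET"}}

# Constructed sample manifest declaring the three permissions listed in the post.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.movieclips">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Movie Clips"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the short names of all <uses-permission> entries."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name.startswith(PREFIX):
            name = name[len(PREFIX):]
        if name:
            names.add(name)
    return names


def triage(manifest_xml, portrayed_as):
    """Compare requested permissions with what the portrayed app type needs."""
    requested = requested_permissions(manifest_xml)
    sources = requested & DATA_SOURCES
    return {
        "requested": sorted(requested),
        "excess": sorted(requested - EXPECTED[portrayed_as]),
        # True when personal data can be read AND sent off the device.
        "can_exfiltrate": bool(sources) and NETWORK in requested,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, "video_player"))
```

The binary AndroidManifest.xml inside an APK has to be decoded to text XML first; this check runs on the decoded form.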

Dougalek Installed on the Android Device

Upon execution, Dougalek collects information from the compromised Android device and sends the stolen information to:

hxxp://depot.bulks.jp/get[random].php

Dougalek Stealing Contact Information

It also attempts to download and play a video from:

hxxp://depot.bulks.jp/movie/movie[random].mp4

Meanwhile the affected user only sees this on the screen:

Dougalek stealing information in the background
