NEWS FROM THE LAB - Wednesday, April 10, 2013

South Korea, Starbucks, and Android/Smsilence
Posted by Sean @ 22:34 GMT

Several weeks ago, a McAfee researcher named Michael Zhang analyzed an Android trojan which specifically targets South Korean phones. It's called Smsilence, and it uses bait such as "Starbucks coupon" apps (e.g., starbug.apk).

Here's the phone number check looking for country code +82:


A detail not included in Zhang's post: the URLs / IP addresses to which SMS messages are forwarded are associated with Hong Kong.

And given the current political tensions in the region… a trojan which very specifically targets South Korean phones and then forwards information to China seems… worrisome.

SHA1: 04d58cbe352ba98d50510b661091bac5852fe7f4