Instant messaging apps are battling it out and trying to become the next popular means of communication that people will use. For example, in Japan, Line and KakaoTalk - two popular chat apps - both claim to have more than 100 million users. It shouldn't be a surprise that cybercriminals are using the names of these apps for their own attacks; in this post we'll show how KakaoTalk is being targeted by attackers. (However, let's be clear that KakaoTalk is not the only brand being targeted; other brands and apps are targets as well.) Users need to understand the threats posed by these malicious apps.

One common way to create malicious apps is to take a legitimate version of the app and add malicious code to it. This creates a Trojanized app which, to the user, can appear to be normal. However, it actually contains malicious code. This particular Trojanized version of KakaoTalk is detected as ANDROIDOS_ANALITYFTP.A, and was distributed via email. If one examines the details of the app, one can see the differences between the legitimate app and the modified one:

Table 1: Differences between legitimate and Trojanized versions

In addition, when we examine the permissions used by the app, it's worth noting that the Trojanized app asks for more permissions than the legitimate app.

Figure 1: Permissions of "ANDROIDOS_ANALITYFTP.A"

ANDROIDOS_ANALITYFTP.A seems to be a Trojanized app that can be used by eavesdroppers. This app regularly sends out contact information, text messages, and some phone settings to a command-and-control server from where the attacker can retrieve it. This process of Trojanizing is made easier because most Android apps are written using the Java programming language. Unless steps are taken to obfuscate it, the source code of any Java app is relatively easy to obtain; the attacker can then add or modify the code to introduce malicious behavior into the app.

Aside from Trojanized apps, fake apps have used KakaoTalk's name as well. About a month ago, KakaoTalk warned users via their official Twitter account of a “KakaoTalk Security Plugin”. We detect the fake security plugin as ANDROIDOS_FAKEKKAO.A. Many users have fallen victim to this not just because it uses KakaoTalk's brand, but also because it uses “Security” in its name as well. What does this malicious app do when it's installed? It reads the user's contacts and uses the phone's text messaging feature to send messages to all contacts. Because of this, it is quite easy for users to notice that something has gone wrong with their device.

What's most interesting about this fake app, however, was how it was distributed. The attackers used a hacked Google Play developer account to distribute a redirector app. This redirector app contained ads that led to a variety of apps - including the fake security plugin. By doing it this way, the attacker was attempting to avoid scanners like Google's integrated Bouncer service.

The best way to protect against these threats is to avoid downloading apps from outside of Google Play - a tip we mentioned earlier when talking about the recent Android security vulnerability. Apps arriving from outside the somewhat curated Google Play store have frequently been a source of security problems for Android devices. Even then, users should check the developer of the app they're downloading, as well as any reviews, to verify that they are downloading legitimate apps.