Thursday, May 31, 2012
Is a new Zsone Under Development? #Android Posted by ThreatResearch @ 10:07 GMT

Android malware news: a year after Zsone's discovery, we've come across a new variant. Or at least a sample that causes us to ask, is a new variant under development? This new Zsone uses a native component for its SMS sending routine.

Here a code snippet from its binary component for sending SMS.


However, its SMS interception routine for preventing the broadcasting of message that come from "10086" or "1066185829" is not implemented or part of the native library.


The first variant, Trojan:Android/Zsone.A, has been known to exist on the official Android market.

Hopefully this new variant will not make it to Google Play. One wonders about the motivation of this development. We can see several possibilities of how the malware could utilize this new technique. Perhaps to defeat Google's Bouncer?

Our Mobile Security detects this as Trojan:Android/Zsone.C.

SHA1: a251bc753405d44f2902aca3f470006f77bf9e79


Analysis by — Zimry

<<< Flame-bait Questions
NYT: Obama Order Sped Up Wave of Cyberattacks Against Iran >>>