Chinese Android app store spreads stealth SMS payment malware

by Rosgani

China has a large number of Android users, so the country also has its own Android app stores dedicated to domestic users. Unfortunately, one such app store has been infected with malware.

A few weeks ago, the anti-virus specialist TrustGo discovered malware attacking multiple Android app stores located in China, one of which is MMarketPlay, whose method is to steal payments by silently sending SMS messages.

The team at TrustGo has found the malware hosted in various apps on GFan, China’s largest mobile app marketplace. The nasty piece of software can be found hiding in provocative wallpaper apps.

Dubbed ‘Trojan! SMSZombie’, the virus was first identified on July 25 by the firm, which claims to be the first security specialist to locate it and offer a method to remove the malware, which ‘barricades’ itself onto infected devices.

Meanwhile, the stealth SMS virus on the GFan site has infected 500,000 Android devices in China and makes it possible to charge users for unauthorized premium SMS messages.

A post on the TrustGo blog explains the delivery method, in which the user is charged for data access through the China Mobile network:

The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called “Android System Service.”

Once installed, the virus then tries to obtain administrator privileges on the user’s device. This step cannot be canceled by the user, as the “Cancel” button only reloads the dialog box until the user eventually is forced to select “Activate” to stop the dialog box. These privileges disable users’ ability to delete the app, causing the device to return to the home screen even after choosing to uninstall the app.

Many mobile phone users in China currently use SMS to make payments, so it is of great concern if the malware has access to victims' credit card details and bank accounts. TrustGo also wrote:

Using a configuration file that can be updated by the malware maker at any time, the malware can intercept and forward a variety of SMS messages. Because these messages often include banking and financial information, users' accounts can easily be hacked further.
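A static triage check for the behaviours TrustGo describes (a system-sounding app label, a device administrator request, SMS interception), added here as an example that is not from TrustGo or the original article. The manifest is a constructed sample, and `triage_manifest`, the finding names and the package name are hypothetical; the check assumes the manifest has already been decoded to text and that the label is a literal string rather than a resource reference.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}

# Constructed sample manifest (decoded text form); not taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpaper.addon">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Android System Service">
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
    <receiver android:name=".Sms">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return a sorted list of findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = set()
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if perms & SMS_PERMS:
        findings.add("sms-permissions")
    app = root.find("application")
    label = (app.get(ANDROID + "label") or "") if app is not None else ""
    package = root.get("package", "")
    # A third-party package presenting itself under a system-sounding label.
    if "system" in label.lower() and not package.startswith(("android", "com.android.")):
        findings.add("system-like-label")
    for receiver in root.iter("receiver"):
        # Receivers guarded by BIND_DEVICE_ADMIN are device administrator components.
        if receiver.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            findings.add("device-admin-receiver")
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if "android.provider.Telephony.SMS_RECEIVED" in actions:
                prio = int(flt.get(ANDROID + "priority", "0"))
                findings.add("sms-receiver-high-priority" if prio > 0 else "sms-receiver")
    return sorted(findings)

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

No single finding is conclusive; the combination of all four in an add-on installed by a wallpaper app is what warrants a closer look.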

To stop the spread of this malware, TrustGo provides an anti-virus application for Android users. Users can download the application immediately via the link TrustGo has set up, and TrustGo provides updates for it.