New Android malware infects 100,000 Chinese smartphones

Summary: A new piece of Android malware called "Trojan!MMarketPay.A@Android" has been found on at least nine app stores, and has already infected over 100,000 Chinese smartphones. It works by automatically downloading paid content in the background.

A new piece of malware has been discovered on more than 100,000 Android smartphones in China. It generates revenue by silently downloading paid apps and multimedia content from Mobile Market, an Android app store hosted by China Mobile, one of the largest wireless providers in the world.

TrustGo, which first discovered the malware, is calling this particular threat "Trojan!MMarketPay.A@Android" and has already found it on nine app stores: nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com, and AZ4SD. The security firm also disclosed the following eight package names for the malware:

  • com.mediawoz.goweather
  • com.mediawoz.gotq
  • com.mediawoz.gotq1
  • cn.itkt.travelskygo
  • cn.itkt.travelsky
  • com.funinhand.weibo
  • sina.mobile.tianqitong
  • com.estrongs.android.pop

MMarketPay.A works by placing malicious orders at Mobile Market. Normally, a Mobile Market customer receives a verification code via SMS after purchasing an app or multimedia content, which he or she has to input back into the market to start the download. China Mobile then adds this order to the customer's phone bill.

MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills. It finds paid content, simulates a click action in the background, intercepts the received SMS messages, and collects the verification code sent by Mobile Market. If a CAPTCHA image is invoked, the malware posts the image to a remote server for analysis.

In short, MMarketPay.A is a complex little bugger. If you're using an Android device on China Mobile, you may want to check your phone bill and make sure there's nothing suspicious on it.

Android lets you download and install apps from anywhere (provided you have the following option enabled: Settings => Applications => Unknown sources). If you want to minimize the chance of downloading malicious apps, please only use the official Google Play store.
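As an added example (not from the article or from TrustGo), the sketch below triages a device's package inventory against the eight package names listed above and uses the recorded installer to separate sideloaded or third-party-store copies from Play installs. It assumes the inventory is the text output of `adb shell pm list packages -i`; the sample inventory, the `com.example.*` names and the severity labels are constructed for illustration.

```python
import re

# Package names TrustGo disclosed for MMarketPay.A (taken from the article).
MMARKETPAY_PACKAGES = {
    "com.mediawoz.goweather", "com.mediawoz.gotq", "com.mediawoz.gotq1",
    "cn.itkt.travelskygo", "cn.itkt.travelsky", "com.funinhand.weibo",
    "sina.mobile.tianqitong", "com.estrongs.android.pop",
}
PLAY_INSTALLER = "com.android.vending"  # installer package of Google Play

# One line of `pm list packages -i`: package:<name>  installer=<name|null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<inst>\S+))?$")

def parse_inventory(text):
    """Yield (package, installer or None) for every well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            inst = m.group("inst")
            yield m.group("pkg"), (None if inst in (None, "null") else inst)

def triage(text):
    """Return findings for listed package names, highest severity first.

    A name match is only a lead: the package name alone does not identify a
    particular build, so confirm with the APK's signing certificate or hash.
    Assumed heuristic: no installer or a non-Play installer -> "high",
    installed by Google Play -> "review".
    """
    findings = []
    for pkg, inst in parse_inventory(text):
        if pkg in MMARKETPAY_PACKAGES:
            severity = "review" if inst == PLAY_INSTALLER else "high"
            findings.append({"package": pkg, "installer": inst, "severity": severity})
    return sorted(findings, key=lambda f: (f["severity"], f["package"]))

# Constructed sample inventory (not captured from a real device).
SAMPLE = """\
package:com.android.chrome  installer=com.android.vending
package:com.mediawoz.goweather  installer=null
package:com.estrongs.android.pop  installer=com.android.vending
package:cn.itkt.travelsky  installer=com.example.thirdparty.store
package:com.example.notes  installer=null
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['severity']:6} {f['package']} (installer: {f['installer']})")
```
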


Emil Protalinski


Talkback

16 comments
  • I'm shocked, shocked I tell you, to hear of more

    malware for Android. Android is a malware magnet and full of security holes. Doesn't matter what Android markets you use, if you're using an Android phone or tablet you should expect malware.
    Johnny Vegas
    • You are incorrect

      it is based on Linux, the safest operating system that has ever been created, from what someone here has repeatedly stated.
      Tim Cook
      • I believe

        that this particular individual also staked his reputation on that statement.
        athynz
      • Mister Spock

        This malware issue has nothing to do with the Linux kernel.
        daikon
        • Correct

          When attackers successfully compromise software on Windows, Mac OS, Unix, Linux or Android, the usual cause is user error, followed by user-mode software bugs. The kernels almost never have anything to do with it. That's why claims by Linux zealots that the Linux kernel somehow 'protects' Linux from malware (or similar comments by Apple zealots about the XNU kernel, although most Apple zealots aren't technically literate enough to know what a kernel is) have always been ridiculous. If Windows zealots made similar comments about the NT kernel 'protecting' Windows from malware, they would be equally ridiculous, but I've never heard/read such claims. NT, XNU and Linux are all good kernels, but they can't magically protect users from malware.

          What generally matters most for protection from malware is the policies determining which software is allowed to run. Multi-user systems where professional systems administrators determine what is allowed to run tend to be much safer than single-user systems where users decide for themselves. One of Apple's biggest innovations with its App Store has been to act as a sort of systems administrator for iOS users, protecting them from themselves. Since Apple profit from the app sales, they have a strong incentive to spend money to properly vet apps (and so do Microsoft, since they copied the Apple model). In contrast, Google don't profit from app sales, so their incentive is simply to minimise costs. That's probably why Apple seem to do a much better job of vetting apps than Google. Even worse for Android, since it's open source, anyone can create their own app store and allow malware to flourish.
          WilErz
      • untrolling your redmondizm

        you guys are safest trolls! Just want to untroll your FUD:
        1) every android java app is run with unique uid
        2) a user can and should examine the app's permissions before installing it.

        Compare with any product made by Redmond.
        eulampius
    • Umm

      Notice this didn't come from the play store?

      You basically think this says something about Android because somebody wrote a malicious app for it... Guess what, Malicious apps have been written for Jail broken iPhones as well but they weren't in the App store either.
      slickjim
      • No it did not come from the Play Store

        It came from a carrier moderated app store - from the article: "It works by silently downloading paid apps and multimedia content from Mobile Market, an Android app store hosted by China Mobile, one of the largest wireless providers in the world."

        I wonder if this was intentionally missed by the moderator - if indeed that particular app source is moderated as - again from the article: "Normally, a Mobile Market customer receives a verification code via SMS after purchasing an app or multimedia content, which he or she has to input back into the market to start the download. China Mobile then adds this order to the customer's phone bill.

        MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills."

        So no this is not a dig at Android or the Google Play Store from my end but a bit of a dig at China Mobile and a suspicion as to their motivation.
        athynz
        • Android is also culpable

          Since iOS is closed source, and owned by Apple, Apple can prevent operators like China Mobile creating their own app stores. Users can of course still 'jail break' their iPhones, but then they're in completely unsupported territory. Any attempt by the likes of China Mobile to officially 'jail break' iPhones they sell would be a violation of agreements with Apple. It's similar with Microsoft and Windows/WinRT (but not Windows/Win32, since it doesn't use a centralised app distribution model, although Microsoft could theoretically migrate Win32 to such a model).

          In contrast to iOS and Windows/WinRT, Android is open source, so anyone can use it. As a result, Google can't ban dodgy app stores from device makers, mobile operators, etc. It might be possible to set up some sort of open source, community-based system to vet apps and ensure quality, irrespective of the app store, but it can never be mandatory. It's an inherent weakness of the open source model.
          WilErz
      • Oh and one more thing

        Weekid says: "Guess what, Malicious apps have been written for Jail broken iPhones as well but they weren't in the App store either."

        So you have any app names? There was the infamous "rickroll" worm and its subsequent and malicious brother worm which both took advantage of neophyte jailbreakers not changing the root password but I do not recall any malicious apps off the top of my head.
        athynz
    • Android apple and chastity belts

      If you go to a diverticula without condom and get HIV, it is your own fault, and not that of Google or Android. Take some responsibility man rather than be treated like a child and put in chastity belt by Steve Jobs.
      abledoc@...
  • Does it make sense to block non official appstores for Android?

    Android is a fragmented OS, we all know that, but keeping that policy on fragmentation won't help to reduce the threat and vulnerabilities of new malware, which could be done by foreign government, advertising companies, etc.

    If Google adds a feature to new Android versions to block any other appstore which is not the official appstore just like iOS does in all their successful devices (iPhone and iPad) there would be much less viruses and malware installed on these smartphones, it's time for Google to become more restrictive on their OS and their apps supported.
    Gabriel Hernandez
    • They can't enforce it

      If Google implemented such a feature, China Mobile or anyone else could simply create their own Android fork and remove it. Amazon have already shown how easy it is to fork Android, and that Google have no power over forked versions.
      WilErz
  • Trojans are not malware...

    Malware is only a Windows thing, doncha know. This is a trojan, therefore, it doesn't fall into the category of "malware", it only falls into the category of "Malicious software that a user downloads on their own". Because it's different.

    Move along - nothing to see here - Android is still perfect and malware free*

    ...(don't ask Linux fanatics what that asterisk means - they don't want to tell you).
    daftkey
  • Hey, vegas where are loverock/ferrell?

    you 3 usually fly in formation.
    droidfromsd
  • Poorly Directed Skills

    They can do all that but they can't make a legitimate living off of Android apps.
    Brian Croner