New Android malware infects 100,000 Chinese smartphones
Summary: A new piece of Android malware called "Trojan!MMarketPay.A@Android" has been found on at least nine app stores, and has already infected over 100,000 Chinese smartphones. It works by automatically downloading paid content in the background.

TrustGo, which first discovered the malware, is calling this particular threat "Trojan!MMarketPay.A@Android" and has already found it on nine app stores: nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com, and AZ4SD. The security firm also disclosed the following eight package names for the malware:
- com.mediawoz.goweather
- com.mediawoz.gotq
- com.mediawoz.gotq1
- cn.itkt.travelskygo
- cn.itkt.travelsky
- com.funinhand.weibo
- sina.mobile.tianqitong
- com.estrongs.android.pop
MMarketPay.A works by placing malicious orders at Mobile Market. Normally, a Mobile Market customer receives a verification code via SMS after purchasing an app or multimedia content, which he or she has to input back into the market to start the download. China Mobile then adds this order to the customer's phone bill.
MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills. It finds paid content, simulates a click action in the background, intercepts the received SMS messages, and collects the verification code sent by Mobile Market. If a CAPTCHA image is invoked, the malware posts the image to a remote server for analysis.
In short, MMarketPay.A is a complex little bugger. If you're using an Android device on China Mobile, you may want to check your phone bill and make sure there's nothing suspicious on it.
Android lets you download and install apps from anywhere (provided you have the following option enabled: Settings => Applications => Unknown sources). If you want to minimize the chance of downloading malicious apps, please only use the official Google Play store.
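As an added example (not from the article or from TrustGo), the following triage check compares a device's installed packages against the eight disclosed package names and reports whether each match holds the permissions the described behaviour would need. The permission pair, the function names and the sample `pm list packages` / `dumpsys package` output are assumptions constructed for illustration.

```python
import re

# The eight package names TrustGo disclosed, as listed in the article.
DISCLOSED_PACKAGES = {
    "com.mediawoz.goweather", "com.mediawoz.gotq", "com.mediawoz.gotq1",
    "cn.itkt.travelskygo", "cn.itkt.travelsky", "com.funinhand.weibo",
    "sina.mobile.tianqitong", "com.estrongs.android.pop",
}
# Assumption (not from the article): intercepting the verification SMS needs
# RECEIVE_SMS, and ordering content / uploading a CAPTCHA needs INTERNET.
BEHAVIOUR_PERMISSIONS = {"android.permission.RECEIVE_SMS",
                         "android.permission.INTERNET"}

def parse_package_list(pm_output):
    """Package names from `adb shell pm list packages` ('package:<name>' lines)."""
    return {line.split(":", 1)[1].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def parse_permissions(dumpsys_output):
    """Every android.permission.* name found in `dumpsys package <name>` text."""
    return set(re.findall(r"android\.permission\.[A-Z0-9_]+", dumpsys_output))

def triage(pm_output, dumpsys_by_package):
    """Flag installed packages on the disclosed list and whether each holds the
    permissions the described behaviour would need. A name match is a lead to
    investigate, not a verdict: a package name does not prove who built the APK."""
    findings = []
    for name in sorted(parse_package_list(pm_output) & DISCLOSED_PACKAGES):
        missing = BEHAVIOUR_PERMISSIONS - parse_permissions(dumpsys_by_package.get(name, ""))
        findings.append({"package": name, "sms_capable": not missing,
                         "missing": sorted(missing)})
    return findings

# Constructed, simplified sample output (not captured from a real device).
SAMPLE_PM = """package:com.android.browser
package:com.mediawoz.goweather
package:com.estrongs.android.pop
"""
SAMPLE_DUMPSYS = {
    "com.mediawoz.goweather": "grantedPermissions:\n  android.permission.INTERNET\n"
                              "  android.permission.RECEIVE_SMS\n",
    "com.estrongs.android.pop": "grantedPermissions:\n  android.permission.INTERNET\n"
                                "  android.permission.WRITE_EXTERNAL_STORAGE\n",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_PM, SAMPLE_DUMPSYS):
        print(finding)
```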
Talkback
I'm shocked, shocked I tell you, to hear of more
You are incorrect
I believe
Mister Spock
Correct
What generally matters most for protection from malware is the policies determining which software is allowed to run. Multi-user systems where professional systems administrators determine what is allowed to run tend to be much safer than single-user systems where users decide for themselves. One of Apple's biggest innovations with its App Store has been to act as a sort of systems administrator for iOS users, protecting them from themselves. Since Apple profit from the app sales, they have a strong incentive to spend money to properly vet apps (and so do Microsoft, since they copied the Apple model). In contrast, Google don't profit from app sales, so their incentive is simply to minimise costs. That's probably why Apple seem to do a much better job of vetting apps than Google. Even worse for Android, since it's open source, anyone can create their own app store and allow malware to flourish.
untrolling your redmondizm
1) Every Android Java app is run with a unique UID.
2) A user can and should examine the app's permissions before installing it.
Compare with any product made by Redmond.
Umm
You basically think this says something about Android because somebody wrote a malicious app for it... Guess what, malicious apps have been written for jailbroken iPhones as well, but they weren't in the App Store either.
No it did not come from the Play Store
I wonder if this was intentionally missed by the moderator - if indeed that particular app source is moderated as - again from the article: "Normally, a Mobile Market customer receives a verification code via SMS after purchasing an app or multimedia content, which he or she has to input back into the market to start the download. China Mobile then adds this order to the customer's phone bill.
MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills."
So no this is not a dig at Android or the Google Play Store from my end but a bit of a dig at China Mobile and a suspicion as to their motivation.
Android is also culpable
In contrast to iOS and Windows/WinRT, Android is open source, so anyone can use it. As a result, Google can't ban dodgy app stores from device makers, mobile operators, etc. It might be possible to set up some sort of open source, community-based system to vet apps and ensure quality, irrespective of the app store, but it can never be mandatory. It's an inherent weakness of the open source model.
Oh and one more thing
So you have any app names? There was the infamous "rickroll" worm and its subsequent and malicious brother worm, which both took advantage of neophyte jailbreakers not changing the root password, but I do not recall any malicious apps off the top of my head.
Android apple and chastity belts
Does it make sense to block non official appstores for Android?
If Google adds a feature to new Android versions to block any other app store which is not the official app store, just like iOS does in all their successful devices (iPhone and iPad), there would be far fewer viruses and malware installed on these smartphones. It's time for Google to become more restrictive on their OS and their apps supported.
They can't enforce it
Trojans are not malware...
Move along - nothing to see here - Android is still perfect and malware free*
...(don't ask Linux fanatics what that asterisk means - they don't want to tell you).
Hey, vegas where are loverock/ferrell?
Poorly Directed Skills