A new Android Trojan is spreading through China, with at least 100,000 infections so far.
The Trojan is a variation on covert premium calls: it secretly buys apps via China Mobile’s Android Market, and the cost is billed automatically to the user’s account.
The Trojan, named Trojan!MMarketPay.A@Android, is in nine China app markets and has already infected more than 100,000 Android devices, said researchers at security firm TrustGo Mobile. TrustGo warns it may come as a repackaged app, such as cn.itkt.travelskygo or com.funinhand.weibo.
Its purpose is to log on to the China Mobile Android Market and download paid-for apps and video. China Mobile is one of the world’s largest mobile providers, with 677 million customers. It operates an app store for its customers where charges are added automatically to users’ phone bills.
The Mobile Market allows users to log in and download free or paid-for apps, or view multimedia content. For a paid-for app, China Mobile sends a verification code to the user. MMarketPay operates by covertly initiating and hijacking the log-in process, and intercepting the verification code.
For now, TrustGo said “this sophisticated new malware could cause unexpected high phone bills.” However, given the large number of apps installed and their relatively low cost, it is possible users will notice neither the app nor the addition to the phone bill and will remain unaware of any infection. The same methodology could also be used to download and install spyware or spyware-infected apps planted in the Market.
TrustGo said the majority of mobile malware is in applications that originate from and attack third-party markets in China and Russia. It “recommends customers only download apps from trusted app stores and download a mobile security app which can scan malware in real-time.”