New Android Trojan secretly buys apps
Posted on 09.07.2012
Even though malicious Android apps can occasionally be found on Google Play, Chinese third-party online Android markets are known for offering them by the hundreds, if not thousands.


Most of them do one of two things: collect personal and device information, or send out pricy messages to premium rate numbers. But now and then, an app that doesn't follow that pattern crops up.

Researchers of mobile security company TrustGo have recently unearthed a new type of Android malware whose goal is to surreptitiously buy apps and other content from China Mobileís Mobile Market without alerting and needing the permission of the user.

Dubbed MMarketPay, the Trojan comes repackaged with a number of legitimate travel and weather apps, and is currently offered on no less than nine online Chinese Android markets.

According to the researchers, it has already been downloaded and likely installed by more than 100,000 users.

The malicious apps takes advantage of the easily subverted Mobile Market's payment workflow.

After having logged into the market's website, the Trojan can automatically place orders for paid apps and content. M-Market sends a verification code via SMS, which is then provided to M-Market for verification.

Once the verification is completed, the app is downloaded automatically, and China Mobile adds the order to the customerís phone bill.

The Trojan is able to intercept received SMS messages in order to collect the verification code sent by M-Market and, if a CAPTCHA image is invoked, it is also able to post it to a remote server in search for the correct answer.

In the end, the users is left with an unexpected high phone bill.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //