New Android Trojan secretly buys apps
Posted on 09.07.2012
Bookmark and Share
Even though malicious Android apps can occasionally be found on Google Play, Chinese third-party online Android markets are known for offering them by the hundreds, if not thousands.


Most of them do one of two things: collect personal and device information, or send out pricy messages to premium rate numbers. But now and then, an app that doesn't follow that pattern crops up.

Researchers of mobile security company TrustGo have recently unearthed a new type of Android malware whose goal is to surreptitiously buy apps and other content from China Mobile’s Mobile Market without alerting and needing the permission of the user.

Dubbed MMarketPay, the Trojan comes repackaged with a number of legitimate travel and weather apps, and is currently offered on no less than nine online Chinese Android markets.

According to the researchers, it has already been downloaded and likely installed by more than 100,000 users.

The malicious apps takes advantage of the easily subverted Mobile Market's payment workflow.

After having logged into the market's website, the Trojan can automatically place orders for paid apps and content. M-Market sends a verification code via SMS, which is then provided to M-Market for verification.

Once the verification is completed, the app is downloaded automatically, and China Mobile adds the order to the customer’s phone bill.

The Trojan is able to intercept received SMS messages in order to collect the verification code sent by M-Market and, if a CAPTCHA image is invoked, it is also able to post it to a remote server in search for the correct answer.

In the end, the users is left with an unexpected high phone bill.






Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //