SMSZombie Android Trojan infects 500,000 users
Posted on 20.08.2012
With its vast number of Android users and their preference for third-party online app markets, China is the perfect breeding ground for new Android malware.

Chinese mobile security company TrustGo Security has recently discovered an Android Trojan that targets Chinese users exclusively, as it takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments, steal bank card numbers and money transfer receipt information.

Dubbed SMSZombie, the Trojan is delivered through legitimate wallpaper apps with with provocative titles and pictures. The main apps are harmless by themselves - and that is why they probably haven't been removed yet from GFan, China’s largest mobile app marketplace - and the malicious code is downloaded and added by them afterwards.

"Once installed, the virus then tries to obtain administrator privileges on the user’s device. This step cannot be canceled by the user, as the 'Cancel' button only reloads the dialog box until the
user eventually is forced to select “Activate” to stop the dialog box," TrustGo explains.

Once the Trojan gains these privileges, it uses them to disable users’ ability to delete the offending app.

"Using a configuration file that can be updated by the malware maker at anytime, the malware can intercept and forward a variety of SMS messages. Because these messages often include banking and financial information, users accounts can easily be hacked further," the researchers point out.

The virus is used mainly for recharging online gaming accounts via the China Mobile SMS Payment system, and the amounts are very small in order to not raise the device owner's suspicions.

According to the information TrustGo Vice President of Engineering shared with SecurityWeek, the Trojan does not report back to a C&C server. In fact, the malware receives its orders from an ever-changing set of random phone numbers.

GFan has still not removed the offending apps from its site and, so far, the devices of a half a million Chinese Android users are believed to be infected with SMSZombie.

Given the difficulty of getting rid of the malware, TrustGo has set up a page detailing the steps users must take to delete it from their devices.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //