A new discovered malware is potentially one of the most costly viruses yet discovered. Uncovered by NQ Mobile, the "Bill Shocker" (a.expense.Extension.a) virus has already impacted 620,000 users in China and poses a threat to unprotected Android devices worldwide.


The Bill Shocker is an SDK designed by malware developers that infects several of the most popular apps in China, including Tencent QQ Messenger and Sohu News. The infected versions of these apps are further distributed by third-party online app stores and retail installation channels.

Bill Shocker downloads in the background, without arousing the mobile device owner's suspicion. The infection can then take remote control of the device, including the contact list, Internet connections and dialing and texting functions. Once the malware has turned the phone into a "zombie," the infection uses the device to send text message to the profit of advertisers. In many cases, the threat will overrun the user's bundling quota, which subjects the user to additional charges.

RiskRanker, which identifies potentially dangerous apps before they have the opportunity to impact users' phone bills, has determined that Bill Shocker is capable of upgrading itself and of automatically expanding to other apps, multiplying the potentially disastrous effects.

Because Bill Shocker can be used to send costly messages remotely, NQ Mobile believes it poses a serious threat to Android users. The inoculation has been posted to NQ Mobile's cloud-based security offering, ensuring the company's customers are safe from the threat. With a 63 percent market share in China, the majority of the most at-risk mobile devices have been inoculated automatically. NQ Mobile has also alerted Chinese mobile carriers of the threat to prevent its further spread.

NQ Mobile has posted an anti-malware app to help protect all Android users. It can be found here.

Tips to avoid infection

To avoid becoming a victim, please follow common-sense guidelines for smartphone security:

1. Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.

2. Never accept application requests from unknown sources. Closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.

3. Be alert for unusual behavior on the part of mobile phones and be sure to download a trusted security application that can scan the applications being downloaded onto your mobile device. NQ Mobile Security users are already fully protected from the Bill Shocker threat.